The MIT Kerberos implementation contains several vulnerabilities. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, compromise the key database or cause a denial of service on a vulnerable system.
The MIT Kerberos Development Team has released MIT krb5 Security Advisory 2008-002 to address vulnerabilities in multiple versions of MIT Kerberos. More information about these vulnerabilities can be found in VU#895609 and VU#374121.
Potential consequences include arbitrary code execution, key database compromise, and denial of service.
Check with your vendors for patches or updates. For information about a vendor, please see the systems affected section in vulnerability notes VU#895609 and VU#374121 or contact your vendor directly. Administrators who compile MIT Kerberos from source should refer to MIT Security Advisory 2008-002 for more information.
Produced 2008 by US-CERT, a government organization.
Revision History
March 19, 2008: Initial release