krb5 -- multiple denial of service vulnerabilities

2010-02-16T00:00:00
ID 9AC0F9C4-492B-11DF-83FB-0015587E2CC1
Type freebsd
Reporter FreeBSD
Modified 2013-06-16T00:00:00

Description

Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows:

An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial of service.

An unauthenticated remote attacker could cause a GSS-API application, including the Kerberos administration daemon (kadmind), to crash.