krb5 -- ASN.1 decoder denial-of-service vulnerability

ID BD60922B-FB8D-11D8-A13E-000A95BC6FAE
Type freebsd
Reporter FreeBSD
Modified 2004-08-31T00:00:00


An advisory published by the MIT Kerberos team says:

The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop. An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop.