MIT Kerberos 4/5 e_msg Variable kerb_err_reply Function Remote Overflow
Remote / Network Access
Denial of Service, Loss of Integrity, Loss of Availability
MIT Kerberos contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker overflows the e_msg buffer in the kerb_err_reply() function, causing the KDC to issue invalid tickets for all principals, generate a "principal unknown" error, or crash the KDC process, resulting in loss of availability for the platform.
Upgrade to MIT Kerberos 5 version 1.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: apply the appropriate KDC patch from MIT, as listed in the Kerberos Security Advisory.