When the ticket creating process of Kerberos writes temporary files to the /tmp directory, it uses predictable file names. These file names can be anticipated by an attacker who can create a symbolic link utilizing this name. This could enable the attacker to overwrite system files as root, thus causing a Denial of Service.
For KTH Kerberos, upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability.
For MIT Kerberos 5 prior to version 1.2.2-beta1 and MIT Kerberos 4 patch 10 and earlier, upgrade to the latest version of MIT Kerberos (krb5-1.2.2 or later).
An upgrade is required as there are no known workarounds.