Multiple holes in MIT Kerberos
Apr 09, 2009, 15:34
"Attackers can reportedly exploit a weakness to cause a SPNEGO
GSS-API application crash, including the Kerberos administration
daemon (kadmind). A remote attack could also cause a key
distribution center (KDC) or kinit program to crash.
"The developers also describe a vulnerability in the ASN.1
decoder that could allow an attacker to crash the Kerberos
application and execute arbitrary malicious code. All attacks can
be run remotely and do not require authentication."