In MIT krb5 releases krb5-1.7 and later, an unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when reading beyond the end of a buffer or by causing a null pointer dereference.
References:
http://diswww.mit.edu:8008/menelaus.mit.edu/cvs-krb5/28388
https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
A remote unauthenticated attacker is able to send a specially crafted packet to crash a Kerberos server. The kg_unseal_v1 and kg_unseal_v1_iov functions in GSSAPI are reachable externally, and do not handle invalid RFC 1964 tokens or check for a header length of less than 22 bytes. CVE-2014-4342 affects MIT krb5 releases krb5-1.7 and later.
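The length check described above, as an added example (not code from krb5 or from this report): a parser that rejects an RFC 1964 token body shorter than 22 bytes before reading any field. The function, type and sample names are hypothetical; the 22-byte breakdown follows the RFC 1964 token layout after the 2-byte TOK_ID.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Body after the 2-byte TOK_ID, per RFC 1964:
 * SGN_ALG(2) SEAL_ALG-or-filler(2) Filler(2) SND_SEQ(8) SGN_CKSUM(8) = 22 */
#define V1_MIN_BODY 22
#define V1_OK 0
#define V1_DEFECTIVE_TOKEN 1

struct v1_header {
    uint16_t sgn_alg, seal_alg;
    uint8_t snd_seq[8], sgn_cksum[8];
};

/* Hypothetical helper, not a krb5 function. */
int v1_parse_header(const uint8_t *body, size_t bodysize,
                    struct v1_header *out)
{
    if (body == NULL || out == NULL)
        return V1_DEFECTIVE_TOKEN;
    /* Length first: no byte is read until all 22 are known to be present. */
    if (bodysize < V1_MIN_BODY)
        return V1_DEFECTIVE_TOKEN;
    if (body[4] != 0xff || body[5] != 0xff)   /* fixed filler bytes */
        return V1_DEFECTIVE_TOKEN;
    out->sgn_alg = (uint16_t)(body[0] | (body[1] << 8));   /* LSB first */
    out->seal_alg = (uint16_t)(body[2] | (body[3] << 8));
    memcpy(out->snd_seq, body + 6, 8);
    memcpy(out->sgn_cksum, body + 14, 8);
    return V1_OK;
}

/* Constructed sample bodies (not captured traffic). */
static const uint8_t sample_ok[22] = {
    0x00, 0x00, 0xff, 0xff, 0xff, 0xff,   /* MIC token: SGN_ALG 0, filler */
    1, 2, 3, 4, 5, 6, 7, 8,  9, 10, 11, 12, 13, 14, 15, 16 };
static const uint8_t sample_bad_filler[22] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
static struct v1_header demo_hdr;

int main(void)
{
    printf("full=%d short=%d filler=%d\n",
           v1_parse_header(sample_ok, sizeof sample_ok, &demo_hdr),
           v1_parse_header(sample_ok, 5, &demo_hdr),
           v1_parse_header(sample_bad_filler, 22, &demo_hdr));
    return 0;
}
```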
Statement: This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.
IssueDescription: A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6, via RHSA-2014:1389: https://rhn.redhat.com/errata/RHSA-2014-1389.html
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7, via RHSA-2015:0439: https://rhn.redhat.com/errata/RHSA-2015-0439.html