Red Hat Bugzilla – Bug 827517
CVE-2012-1013 krb5: kadmind denial of service
Last modified: 2015-11-24 10:06:07 EST
MIT Kerberos 5 version 1.10.2 was released  and noted as fixing:
* Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013]
No information is currently available on which versions are affected by this flaw.
Upstream bug report:
And the upstream fix:
This only affects krb5 1.8 and higher, and only clients authorized to create principals can trigger the bug (so requires administrative privileges).
Created krb5 tracking bugs for this issue
Affects: fedora-all [bug 827598]
krb5-1.10-7.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.9.3-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.9.3-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:1131 https://rhn.redhat.com/errata/RHSA-2012-1131.html
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5.