A denial of service flaw was found in the way kpropd, a Kerberos V5 slave KDC update server, processed certain update requests for KDC database propagation. A remote, unauthenticated user could use this flaw to cause the kpropd daemon to terminate (stopping the Kerberos server replication process).
This issue did NOT affect the versions of the krb5 package, as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the version of the krb5 package, as shipped with Red Hat Enterprise Linux 6.
This issue is now public: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5 as the flaw was introduced in a later version of MIT krb5 (1.7).
Created krb5 tracking bugs for this issue.
Affects: fedora-all [bug 676127]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 via RHSA-2011:0200 https://rhn.redhat.com/errata/RHSA-2011-0200.html