A NULL pointer dereference flaw was found in the way the MIT Key Distribution Center (KDC) daemon processed non-null-terminated principal names in a request for a ticket-granting ticket when the krb5kdc daemon was configured to use an LDAP back end. A remote attacker could use this flaw to cause a denial of service (krb5kdc daemon crash) via a ticket-granting ticket request for a specially crafted principal name.
Acknowledgements: Red Hat would like to thank the MIT Kerberos project for reporting this issue.
This issue did NOT affect the versions of the krb5 package as shipped with Red Hat Enterprise Linux 3 or 4, as those versions do not support the LDAP back end / storage mechanism yet.
This issue affects the versions of the krb5 package as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of the krb5 package as shipped with Fedora releases 13 and 14.
This issue is now public: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3 or 4 as they did not include support for the LDAP backend.
Created krb5 tracking bugs for this issue.
Affects: fedora-all [bug 676127]
This issue has been addressed in the following products: Red Hat Enterprise Linux 5
Via RHSA-2011:0199 https://rhn.redhat.com/errata/RHSA-2011-0199.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6
Via RHSA-2011:0200 https://rhn.redhat.com/errata/RHSA-2011-0200.html