If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker could crash kadmind by inserting a principal entry with no long term keys. It is reported that versions prior to 1.12 are not affected. Upstream fix: https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16 Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228
Statement: Not vulnerable. This issue does not affect the version of krb5 package as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Created krb5 tracking bugs for this issue: Affects: fedora-21 [bug 1176002]