MIT Kerberos Security Advisories

MIT has released two Security Advisories to address multiple vulnerabilities in Kerberos 5. These vulnerabilities affect krb4-enabled KDC servers and the GSS RPC library used by kadmind. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code, obtain sensitive information, or cause a denial of service condition.

US-CERT encourages users to do the following to help mitigate the risks:

• Review Kerberos Security Advisory 2008-001, 2008-002, and apply any necessary updates.
• Review VU#895609 and VU#374121 in the Vulnerability Notes Database.