The prepreprocessreq function in dotgsreq.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "krb5-admin-server", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-doc", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-gss-samples", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-kdc", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-kdc-ldap", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-locales", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-multidev", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-pkinit", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-user", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libgssapi-krb5-2", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libgssrpc4", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libk5crypto3", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkadm5clnt-mit8", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkadm5srv-mit8", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkdb5-7", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkrb5-3", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkrb5-dbg", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkrb5-dev", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkrb5support0", "binary_version": "1.11.3+dfsg-3ubuntu2" } ] }