FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- KDC denial of service vulnerability

Affected packages
krb5-113 < 1.13.6
krb5-114 < 1.14.3

Details

VuXML ID 62d45229-4fa0-11e6-9d13-206a8a720317
Discovery 2016-07-20
Entry 2016-07-21
Modified 2016-07-26

Major changes in krb5 1.14.3 and krb5 1.13.6:

Fix a rare KDC denial of service vulnerability when anonymous client principals are restricted to obtaining TGTs only [CVE-2016-3120] .

References

CVE Name CVE-2016-3120
URL http://web.mit.edu/kerberos/krb5-1.14/