FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- remote denial of service vulnerability

Affected packages
krb5 <= 1.6.3_9


VuXML ID a30573dc-4893-11df-a5f9-001641aeabdf
Discovery 2010-04-06
Entry 2010-04-18

An authenticated remote attacker can cause a denial of service by using a newer version of the kadmin protocol than the server supports.

The MIT Kerberos team also reports the cause:

The Kerberos administration daemon (kadmind) can crash due to referencing freed memory.


Bugtraq ID 39247
CVE Name CVE-2010-0629