The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 up to and including 1.8.4 and 1.9 up to and including 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.
Vulnerable Product |
---|
mit kerberos 5 1.8.2 |
mit kerberos 5 1.8.1 |
mit kerberos 5 1.9 |
mit kerberos 5 1.8.4 |
mit kerberos 5 1.8.3 |
mit kerberos 5 1.8 |
mit kerberos 5 1.9.1 |