MIT · MIT Kerberos 5 · CVE-2010-0629
**Name of the Vulnerable Software and Affected Versions**
MIT Kerberos 5 versions 1.5 through 1.6.3
mit-krb5 versions prior to 1.9.2-r1
**Description**
The mit-krb5 package is affected by multiple remotely exploitable vulnerabilities that can compromise the confidentiality, integrity, and availability of protected information. The vulnerability tracked here is a use-after-free in `kadmin/server/server_stubs.c` in kadmind: a remote authenticated user can cause a denial of service by sending a request from a kadmin client that carries an invalid API version number.
**Recommendations**
For MIT Kerberos 5 versions 1.5 through 1.6.3, update to a version later than 1.6.3 to resolve the issue.
For mit-krb5 versions prior to 1.9.2-r1, update to version 1.9.2-r1 or later to fix the vulnerabilities.
As a temporary workaround, consider restricting access to the `kadmind` service until a patch is applied.
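To decide whether an installed build falls inside the affected ranges stated above, here is an added example (not part of the advisory or of the krb5 project) that parses upstream version strings and Gentoo-style `-rN` revisions and applies both rules; the `krb5-config --version` output format it accepts (`Kerberos 5 release 1.6.3`) is an assumption.

```python
"""Classify MIT Kerberos 5 version strings against the ranges given in this
advisory for CVE-2010-0629 (example code, not part of the advisory)."""
import re
from typing import Tuple

# Affected ranges as stated in the advisory above.
UPSTREAM_FIRST_AFFECTED = (1, 5, 0)   # MIT krb5 1.5 ...
UPSTREAM_LAST_AFFECTED = (1, 6, 3)    # ... through 1.6.3
GENTOO_FIXED = ((1, 9, 2), 1)         # mit-krb5 1.9.2-r1 is the first fixed ebuild

# Accepts "1.5", "1.6.3" and Gentoo-style "1.9.2-r1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-r(\d+))?$")
# Assumed format of `krb5-config --version` output, e.g. "Kerberos 5 release 1.6.3".
_KRB5_CONFIG_RE = re.compile(r"release\s+(\S+)")


def parse_version(text: str) -> Tuple[Tuple[int, int, int], int]:
    """Return ((major, minor, patch), revision). A missing patch level counts
    as 0 and a missing -rN suffix as revision 0, so "1.5" == 1.5.0-r0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised krb5 version string: {text!r}")
    major, minor, patch, rev = m.groups()
    return (int(major), int(minor), int(patch or 0)), int(rev or 0)


def version_from_krb5_config(output: str) -> str:
    """Extract the bare version from krb5-config output (format is an assumption)."""
    m = _KRB5_CONFIG_RE.search(output)
    if not m:
        raise ValueError(f"no release number in: {output!r}")
    return m.group(1)


def is_affected(version: str, gentoo: bool = False) -> bool:
    """True if `version` falls in an affected range from the advisory.
    gentoo=True applies the distribution rule (anything before 1.9.2-r1);
    otherwise the upstream rule (1.5 through 1.6.3 inclusive) is used."""
    base, rev = parse_version(version)
    if gentoo:
        return (base, rev) < GENTOO_FIXED
    return UPSTREAM_FIRST_AFFECTED <= base <= UPSTREAM_LAST_AFFECTED


if __name__ == "__main__":
    # Constructed sample input; on a real host feed `krb5-config --version` output instead.
    v = version_from_krb5_config("Kerberos 5 release 1.6.3")
    print(f"{v}: {'AFFECTED' if is_affected(v) else 'not affected'} (upstream rule)")
    print(f"1.9.2: {'AFFECTED' if is_affected('1.9.2', gentoo=True) else 'not affected'} (Gentoo rule)")
```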