MIT · krb5 · CVE-2014-4345
**Name of the Vulnerable Software and Affected Versions**
MIT Kerberos 5 versions 1.6.x through 1.11.x before 1.11.6
MIT Kerberos 5 versions 1.12.x before 1.12.2
krb5 (affected versions not specified)
**Description**
An off-by-one error in the `krb5_encode_krbsecretkey` function in the LDAP KDB module in kadmind allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via a series of "cpw -keepold" commands. The vulnerability can be exploited remotely by an attacker who has passed authentication, and can compromise the confidentiality, integrity, and availability of protected information.
**Recommendations**
For MIT Kerberos 5 versions 1.6.x through 1.11.x before 1.11.6, update to version 1.11.6 or later.
For MIT Kerberos 5 versions 1.12.x before 1.12.2, update to version 1.12.2 or later.
For krb5, there is currently no information about a newer version that contains a fix for this vulnerability.
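The version ranges above can be turned into a quick triage check. The following is an added example, not part of the original advisory or of MIT's code: it assumes the version string has the form printed by `krb5-config --version` and that the LDAP KDB module is selected in `kdc.conf` with `db_library = kldap`; the function names and sample inputs are constructed for illustration.

```python
import re

def parse_version(text):
    """Return (major, minor, patch) from text such as 'Kerberos 5 release 1.11.3'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def version_affected(text):
    """Apply the advisory's ranges: 1.6.x-1.11.x before 1.11.6, 1.12.x before 1.12.2."""
    v = parse_version(text)
    if v[:2] == (1, 12):
        return v < (1, 12, 2)
    return (1, 6, 0) <= v < (1, 11, 6)

def uses_ldap_kdb(kdc_conf):
    """True if an active (non-comment) line selects the LDAP KDB module."""
    for line in kdc_conf.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):
            continue
        if re.match(r"db_library\s*=\s*kldap\b", line):
            return True
    return False

def triage(version_text, kdc_conf):
    if not version_affected(version_text):
        return "version not in affected range"
    if uses_ldap_kdb(kdc_conf):
        return "affected: update krb5"
    return "affected version, LDAP KDB module not configured"

# Constructed sample inputs (not taken from a real host).
SAMPLE_VERSION = "Kerberos 5 release 1.11.3"
SAMPLE_KDC_CONF = """
[dbmodules]
    openldap_ldapconf = {
        db_library = kldap
        # db_library = db2
    }
"""

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_KDC_CONF))
```

Distribution packages may carry a backported fix under an older upstream version number, so confirm a positive result against the vendor's package changelog.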