PT-2008-1049 · MIT · MIT Kerberos 5

Published: 2008-03-18 · Updated: 2024-06-15 · CVE-2008-0062

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MIT Kerberos 5 versions prior to the fixed version

Description

The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. This is due to the KDC in MIT Kerberos 5 not setting a global variable for some krb4 message types. The vulnerability can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information.

Recommendations

For MIT Kerberos 5 versions prior to the fixed version, update to the fixed version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Improper Initialization

Weakness Enumeration

Related Identifiers

BDU:2015-06278
CVE-2008-0062
DSA-1524-1
OPENSUSE-SU-2024:10899-1
RHSA-2008:0164
RHSA-2008:0180
RHSA-2008:0181
RHSA-2008:0182
RHSA-2008_0164
RHSA-2008_0180

Affected Products

MIT Kerberos 5
Red Hat