CVE-2009-3295

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions prior to 1.7.1 mit-krb5 versions prior to 1.9.2-r1 krb5-devel-64bit (affected versions not specified) krb5-debuginfo-32bit (affected versions not specified) krb5-x86 (affected versions not specified) krb5-plugin-preauth-pkinit-debuginfo (affected versions not specified) krb5-debuginfo-64bit (affected versions not specified) krb5-debugsource (affected versions not specified) krb5-debuginfo-x86 (affected versions not specified) krb5-64bit (affected versions not specified) krb5-debuginfo (affected versions not specified) krb5-apps-servers (affected versions not specified) krb5-apps-clients (affected versions not specified)

Description The issue is related to multiple vulnerabilities in the krb5 package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The prep reprocess req function in kdc/do tgs req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.

Recommendations For MIT Kerberos 5 versions prior to 1.7.1, update to version 1.7.1 or later. For mit-krb5 versions prior to 1.9.2-r1, update to version 1.9.2-r1 or later. For krb5-devel-64bit, krb5-debuginfo-32bit, krb5-x86, krb5-plugin-preauth-pkinit-debuginfo, krb5-debuginfo-64bit, krb5-debugsource, krb5-debuginfo-x86, krb5-64bit, krb5-debuginfo, krb5-apps-servers, and krb5-apps-clients, at the moment, there is no information about a newer version that contains a fix for this vulnerability.