PT-2016-3940 · MIT Kerberos 5

Greg Hudson

Published: 2016-02-04
Updated: 2024-06-15

CVE-2015-8630

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
MIT Kerberos 5 (aka krb5) versions 1.12.x through 1.13.x before 1.13.4
MIT Kerberos 5 (aka krb5) versions 1.14.x before 1.14.1

Description
The issue allows remote authenticated users to cause a denial of service (daemon crash) through a NULL pointer dereference. It occurs when the KADM5_POLICY flag is specified together with a NULL policy name, and affects the kadm5_create_principal_3 and kadm5_modify_principal functions.

Recommendations
For versions 1.12.x through 1.13.x before 1.13.4, update to version 1.13.4 or later. For versions 1.14.x before 1.14.1, update to version 1.14.1 or later. As a temporary workaround, consider restricting access to the kadm5_create_principal_3 and kadm5_modify_principal functions until a patch is available.
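The hazard described above, and the validation a hardened build performs before touching the policy name, as an added illustration in C. This is not krb5's own code: the KADM5_POLICY value, the principal_entry struct and the function names are constructed for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
/* Constructed stand-ins for the kadm5 API; the real krb5 definitions differ. */
#define KADM5_POLICY 0x00000080UL

struct principal_entry {
    const char *principal;
    const char *policy;   /* may be NULL even when KADM5_POLICY is set */
};

/* The unsafe pattern: trust the mask bit and use the policy name directly.
   With KADM5_POLICY set and policy == NULL this dereferences a NULL pointer. */
static size_t policy_name_len_unchecked(const struct principal_entry *e,
                                        unsigned long mask)
{
    return (mask & KADM5_POLICY) ? strlen(e->policy) : 0;
}

/* Hardened check: refuse a request whose mask promises a policy name that is
   absent, before any code path uses the field. Returns 0 or EINVAL. */
int validate_policy_request(const struct principal_entry *e, unsigned long mask)
{
    if ((mask & KADM5_POLICY) && e->policy == NULL)
        return EINVAL;
    return 0;
}

/* Entry point shared by the create and modify paths: validate, then use. */
int apply_policy(const struct principal_entry *e, unsigned long mask,
                 size_t *name_len_out)
{
    int ret = validate_policy_request(e, mask);
    if (ret != 0)
        return ret;
    *name_len_out = policy_name_len_unchecked(e, mask);  /* safe after check */
    return 0;
}

/* Constructed sample request: a NULL policy with the bit set must be refused,
   a named policy accepted. Returns the policy name length, or -1 on rejection. */
long policy_len_for_request(const char *policy, unsigned long mask)
{
    const struct principal_entry req = { "alice@EXAMPLE.COM", policy };
    size_t len = 0;
    return apply_policy(&req, mask, &len) != 0 ? -1 : (long)len;
}
```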

Related Identifiers

ALT-PU-2016-1392
CESA-2016_0532
CVE-2015-8630
DSA-3466-1
MGASA-2016-0052
OPENSUSE-SU-2024:10004-1
RHSA-2016:0532
RHSA-2016_0532
SUSE-SU-2016:0429-1

Affected Products

ALT Linux
CentOS
MIT Kerberos 5
Red Hat
SUSE