Cameron Meadors

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 versions 1.7 through 1.9 mit-krb5 versions prior to 1.9.2-r1 **Description** The issue is related to a double free vulnerability in the prepare error as function in do as req.c in the Key Distribution Center (KDC) when the PKINIT feature is enabled. This allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e data field containing typed data. Multiple vulnerabilities in the mit-krb5 package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For MIT Kerberos 5 versions 1.7 through 1.9, update to a version later than 1.9. For mit-krb5 versions prior to 1.9.2-r1, update to version 1.9.2-r1 or later. As a temporary workaround, consider disabling the PKINIT feature until a patch is available.