Daniel Wachdorf

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.17 Description: The issue allows local users to cause a denial of service via keyctl requests that add a key to a user key instead of a keyring key, resulting in an invalid dereference in the ` keyring search one` function. This occurs due to a problem in the `sys add key` function within the keyring code. Recommendations: For Linux kernel versions prior to 2.6.17, consider restricting access to the `sys add key` function until a patch is available. As a temporary workaround, avoid using the `keyctl` requests that add a key to a user key instead of a keyring key to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 (krb5) versions 1.3 through 1.4.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved through a certain valid TCP connection that causes a free of unallocated memory. **Recommendations** For versions 1.3 through 1.4.1, consider restricting access to the Key Distribution Center (KDC) to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 (krb5) versions 1.4.1 and earlier **Description** A heap-based buffer overflow issue exists in the Key Distribution Center (KDC) of MIT Kerberos 5, which can be triggered by a certain valid TCP or UDP request. This issue can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. **Recommendations** For versions 1.4.1 and earlier, update to a version later than 1.4.1 to resolve the issue.