Tim Zingelman

**Name of the Vulnerable Software and Affected Versions** krb5 versions 1.0.1 and earlier krb5-plugin-kdb-ldap (affected versions not specified) krb5-server (affected versions not specified) krb5-devel-32bit (affected versions not specified) krb5-devel (affected versions not specified) krb5 (affected versions not specified) krb5-32bit (affected versions not specified) krb5-plugin-preauth-pkinit (affected versions not specified) krb5-client (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the krb5 package and its related components in the openSUSE operating system. These vulnerabilities can be exploited remotely, potentially leading to a disruption in the availability of protected information. The vulnerabilities may allow remote authenticated users to bypass intended group access restrictions, create, overwrite, delete, or read files via standard FTP commands. The exploitation can be carried out remotely. **Recommendations** For krb5 versions 1.0.1 and earlier, update to a version later than 1.0.1 to resolve the issue. For krb5-plugin-kdb-ldap, krb5-server, krb5-devel-32bit, krb5-devel, krb5, krb5-32bit, krb5-plugin-preauth-pkinit, and krb5-client, at the moment, there is no information about a newer version that contains a fix for this vulnerability.