PT-2001-1055 · MIT · MIT Kerberos 5
Published: 2001-08-02 · Updated: 2020-01-21 · CVE-2002-0036
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
MIT Kerberos V5 versions prior to 1.2.5
krb5-workstation versions 1.1.1 through 1.2.2
krb5-devel versions 1.1.1 through 1.2.2
krb5-configs version 1.1.1
krb5-server versions 1.1.1 through 1.2.2
krb5-libs version 1.1.1
krb5 versions 1.1.1 through 1.2.2
Description
The issue is related to an integer signedness error in the MIT Kerberos V5 ASN.1 decoder, which can cause a denial of service via a large unsigned data element length. Multiple vulnerabilities in the krb5 packages of Red Hat Linux can lead to a violation of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.
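The bug class named above, shown as an added illustration (not code from MIT Kerberos or from this advisory): a DER length field held in a signed integer passes a bounds check that the unsigned form rejects. The function names and sample bytes are constructed for this example, and each buffer starts at the length octet.

```c
#include <stddef.h>
#include <stdint.h>

/* Parse a DER length field at buf[0..avail). Returns the number of header
 * bytes consumed and stores the declared content length in *out; returns 0
 * on malformed input. Shared by both checks below. */
static size_t der_length(const uint8_t *buf, size_t avail, uint32_t *out)
{
    if (avail == 0) return 0;
    if (buf[0] < 0x80) { *out = buf[0]; return 1; }   /* short form */
    size_t n = buf[0] & 0x7f;                          /* long form: n octets */
    if (n == 0 || n > 4 || n + 1 > avail) return 0;    /* indefinite, too wide, truncated */
    uint32_t v = 0;
    for (size_t i = 1; i <= n; i++) v = (v << 8) | buf[i];
    *out = v;
    return n + 1;
}

/* Flawed pattern: the length is kept in a signed int, so 0xFFFFFFFF turns
 * into -1 and slips past the "fits in the buffer" test. Returns 1 if the
 * element would be accepted for further processing. */
int accepts_signed(const uint8_t *buf, size_t avail)
{
    uint32_t raw;
    size_t hdr = der_length(buf, avail, &raw);
    if (hdr == 0) return 0;
    int len = (int)raw;                  /* wraps negative above INT_MAX */
    int remaining = (int)(avail - hdr);
    if (len > remaining) return 0;       /* signed compare: -1 > 3 is false */
    return 1;
}

/* Corrected pattern: the length stays unsigned from parse to comparison. */
int accepts_unsigned(const uint8_t *buf, size_t avail)
{
    uint32_t raw;
    size_t hdr = der_length(buf, avail, &raw);
    if (hdr == 0) return 0;
    return (size_t)raw <= avail - hdr;
}

/* Constructed inputs: a 3-byte element, and one declaring 0xFFFFFFFF bytes. */
const uint8_t sample_ok[]   = { 0x03, 'a', 'b', 'c' };
const uint8_t sample_huge[] = { 0x84, 0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c' };
```

Code that later treats the accepted negative length as a size for allocation or copying is where the failure shows up, which is why the check belongs at the point of decoding.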
Recommendations
For MIT Kerberos V5 versions prior to 1.2.5, update to version 1.2.5 or later.
For krb5-workstation versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-devel versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-configs version 1.1.1, update to a version later than 1.1.1.
For krb5-server versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
For krb5-libs version 1.1.1, update to a version later than 1.1.1.
For krb5 versions 1.1.1 through 1.2.2, update to a version later than 1.2.2.
Affected Products
MIT Kerberos 5
Red Hat
krb5
krb5-configs
krb5-devel
krb5-libs
krb5-server
krb5-workstation