PT-2004-1060 · Mit · Krb5-Devel+4

Published 2004-09-10 · Updated 2020-01-21 · CVE-2004-0644

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

MIT Kerberos 5 versions 1.2.2 through 1.3.4
krb5-devel version 1.2.2
krb5-server version 1.2.2
krb5-libs version 1.2.2
krb5-workstation version 1.2.2
Description

The issue allows remote attackers to cause a denial of service and is rated as potentially affecting the confidentiality, integrity, and availability of protected information. It can be exploited remotely. The affected code is the asn1buf_skiptail function in the ASN.1 decoder library, which can be driven into an infinite loop by certain BER encodings.
Recommendations

For MIT Kerberos 5 versions 1.2.2 through 1.3.4, consider updating to a version outside this range to mitigate the risk.
For krb5-devel version 1.2.2, restrict access to the vulnerable components until a patch is available.
For krb5-server version 1.2.2, avoid using the vulnerable functions until the issue is resolved.
For krb5-libs version 1.2.2, consider disabling the vulnerable library until a fix is provided.
For krb5-workstation version 1.2.2, apply configuration changes to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Double Free

Related Identifiers

BDU:2015-06282
BDU:2015-06285
BDU:2015-06289
BDU:2015-06293
CVE-2004-0644
DSA-543-1
RHSA-2004:350

Affected Products

Mit Kerberos 5
Krb5-Devel
Krb5-Libs
Krb5-Server
Krb5-Workstation