CVE-2011-1530

Name of the Vulnerable Software and Affected Versions mit-krb5 versions 1.9 through 1.9.2 mit-krb5 versions prior to 1.9.2-r1

Description The issue affects the Key Distribution Center (KDC) in MIT Kerberos 5, allowing remote authenticated users to cause a denial of service via a crafted TGS request. This can lead to a NULL pointer dereference and daemon crash. The vulnerability may compromise the confidentiality, integrity, and availability of protected information.

Recommendations For mit-krb5 versions 1.9 through 1.9.2, update to version 1.9.2-r1 or later to resolve the issue. For mit-krb5 versions prior to 1.9.2-r1, update to version 1.9.2-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the process tgs req function in the Key Distribution Center (KDC) to minimize the risk of exploitation.