CVE-2012-1014

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions 1.10.x through 1.10.2 MIT Kerberos 5 versions prior to 1.11.4

Description The issue is related to the process as req function in the Key Distribution Center (KDC) of MIT Kerberos 5, which does not initialize a certain structure member. This allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed AS-REQ request. Multiple vulnerabilities in the mit-krb5 package can lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For versions 1.10.x through 1.10.2, update to version 1.10.3 or later. For versions prior to 1.11.4, update to version 1.11.4 or later. As a temporary workaround, consider restricting access to the KDC to minimize the risk of exploitation.