PT-2013-1199 · Mit+1 · Mit Kerberos 5+2
Sol Jerome · Published 2013-11-20 · Updated 2024-06-15 · CVE-2013-1417
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
MIT Kerberos 5 (krb5) versions 1.11 through 1.11.3
mit-krb5 versions prior to 1.11.4
Description
The issue allows remote authenticated users to cause a denial of service, potentially leading to a disruption in confidentiality, integrity, and availability of protected information. This can be triggered via a TGS-REQ request that causes an attempted cross-realm referral for a host-based service principal when a single-component realm name is used.
Recommendations
For MIT Kerberos 5 (krb5) versions 1.11 through 1.11.3, update to version 1.11.4 or later to resolve the issue.
For mit-krb5 versions prior to 1.11.4, update to version 1.11.4 or later to resolve the issue.
Exploit
Fix
DoS
RCE
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Mit Kerberos 5
Krb5