MIT Kerberos Key Distribution Center (KDC) contains a flaw that may allow a remote attacker to crash the service and possibly execute arbitrary code. The issue is due to format string flaws in the logging routines and Kerberos principal name specifiers of the KDC. If an attacker provides a specially crafted request, they can crash the service or execute arbitrary code with the same privilege the server runs under.

Upgrade to version 1.2.5 or higher, as it has been reported to fix this vulnerability. It is possible to partially correct the flaw by implementing the following workaround: Start KDC from a loop in a shell script, or from inittab. Please note that inittab is not recommended because it may fail if the KDC is crashed often in a short period. However, this workaround does not address the possibility of exploiting the format string vulnerability to gain access to the host system, so an upgrade is strongly recommended.

• ISS X-Force ID: 11189
• CVE ID: 2003-0060 (see also: NVD)
• Bugtraq ID: 6712
• CERT VU: 787523
• Vendor Specific Advisory URL: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
• Generic Informational URL: http://www.ietf.org/rfc/rfc1510.txt

• E. Larry Lidz - ellidzeridu.uchicago.edu -