Description
Multiple integer underflow flaws, leading to heap-based corruption, were
found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted
ciphertexts encrypted with the Advanced Encryption Standard (AES) and
ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to
provide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it
could potentially lead to either a denial of service of the central KDC
(KDC crash or abort upon processing the crafted ciphertext), or arbitrary
code execution with the privileges of the KDC (i.e., root privileges).
(CVE-2009-4212)