Description
A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC
processed principal names that were not null terminated, when the KDC was
configured to use an LDAP back end. A remote attacker could use this flaw
to crash the KDC via a specially-crafted request. (CVE-2011-0282)
A denial of service flaw was found in the way the MIT Kerberos KDC
processed certain principal names when the KDC was configured to use an
LDAP back end. A remote attacker could use this flaw to cause the KDC to
hang via a specially-crafted request. (CVE-2011-0281)
A denial of service flaw was found in the way the MIT Kerberos V5 slave KDC
update server (kpropd) processed certain update requests for KDC database
propagation. A remote attacker could use this flaw to terminate the kpropd
daemon via a specially-crafted update request. (CVE-2010-4022)