Description
A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An
authenticated attacker with permission to modify a principal entry could use
this flaw to cause kadmind to dereference a null pointer and crash by supplying
an empty DB argument to the modify_principal command, if kadmind was configured
to use the LDAP KDB module. (CVE-2016-3119)
* A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An
authenticated attacker could use this flaw to cause krb5kdc to dereference a
null pointer and crash by making an S4U2Self request, if the
restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120)