Description
It was found that if a KDC served multiple realms, certain requests could
cause the setup_server_realm() function to dereference a NULL pointer.
A remote, unauthenticated attacker could use this flaw to crash the KDC
using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
acceptor for continuation tokens. A remote, unauthenticated attacker could
use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)
A buffer over-read flaw was found in the way MIT Kerberos handled certain
requests. A man-in-the-middle attacker with a valid Kerberos ticket who is
able to inject packets into a client or server application's GSSAPI session
could use this flaw to crash the application. (CVE-2014-4341)