krb5
Page content
- Author: Miklos Vajna
- Vulnerable: 1.7-4
- Unaffected: 1.7-5locris1
A vulnerability has been reported in Kerberos, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an assertion error within the “spnego_gss_accept_sec_context()” function in src/lib/gssapi/spnego/spnego_mech.c when receiving an invalid packet, which can be exploited to e.g. crash an application using the library by sending a specially crafted packet.
- Bug Tracker URL: http://bugs.frugalware.org/task/4137