Description
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
References (5)
Core 5
Core References
Patch, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.cert.org/advisories/CA-2000-11.html
Various Sources third-party-advisory
government-resource
x_refsource_ciac
http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Various Sources x_refsource_confirm
http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2000-031.html
Scores
EPSS
0.0133
EPSS Percentile
80.2%
Details
Status
published
Products (6)
cygnus/cygnus_network_security
4.0
cygnus/kerbnet
5.0
mit/kerberos
4.0
mit/kerberos_5
1.0
mit/kerberos_5
1.1
mit/kerberos_5
1.1.1
Published
Jun 09, 2000
Tracked Since
Feb 18, 2026