Intrusion Prevention

Kerberos.KDC.Cross.Realm.Referral.DoS

Description

This indicates an attack attempt against a denial-of-service vulnerability in the MIT Kerberos KDC.
The vulnerability is caused by a NULL pointer dereference when the vulnerable software handles a specially crafted TGS request. It allows a remote attacker to cause a denial of service.

Affected Products

MIT Kerberos 5 1.7

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to krb5-1.7.1 or apply the patch available from the MIT Kerberos web site:
http://web.mit.edu/kerberos/advisories/2009-003-patch.txt

CVE References

CVE-2009-3295