CVE-2000-0546

Description

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

Affected products

• cygnus_network_security_project / cygnus_network_security
• kerbnet_project / kerbnet
• MIT / kerberos4.0
• MIT / kerberos4.0 – 4.0
• MIT / kerberos4.0 – 4.0
• MIT / Kerberos 51.0 – 1.0.7
• MIT / Kerberos 51.1 – 1.1
• MIT / Kerberos 51.1.1 – 1.1.1

References

• VENDOR_ADVISORYhttp://www.cert.org/advisories/CA-2000-11.html
• MISChttp://ciac.llnl.gov/ciac/bulletins/k-051.shtml
• MISChttp://www.securityfocus.com/bid/1338
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
• VENDOR_ADVISORYhttp://web.mit.edu/kerberos/www/advisories/krb4kdc.txt