FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- ASN.1 decoder denial-of-service vulnerability

Affected packages
1.2.2 <= krb5 <= 1.3.4


VuXML ID bd60922b-fb8d-11d8-a13e-000a95bc6fae
Discovery 2004-08-31
Entry 2004-08-31

An advisory published by the MIT Kerberos team says:

The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack.

An unauthenticated remote attacker can cause a KDC or application server to hang inside an infinite loop.

An attacker impersonating a legitimate KDC or application server may cause a client program to hang inside an infinite loop.


CERT/CC Vulnerability Note 550464
CVE Name CVE-2004-0644