DoS vulnerability patched in MIT Kerberos
An update for the MIT's Kerberos 5 implementation fixes a null-pointer dereference vulnerability that allows attackers to remotely crash the Key Distribution Center (KDC). According to an advisory by the MIT, sending a specially crafted client request to the KDC is all that is required to exploit the vulnerability.
The prep_reprocess_req() function, which is responsible for the bug, was only introduced in the current version krb5-1.7 of MIT Kerberos; previous versions are, therefore, not vulnerable. The imminent update krb5-1.7.1 will fix the flaw. A patch is already available.