Your submission was sent successfully! Close

USN-1088-1: Kerberos vulnerability

15 March 2011

MIT Kerberos 5 Key Distribution Center (KDC) daemon denial of service vulnerability.



  • krb5 - MIT Kerberos primary server (kadmind)


Cameron Meadors discovered that the MIT Kerberos 5 Key Distribution
Center (KDC) daemon is vulnerable to a double-free condition if
the Public Key Cryptography for Initial Authentication (PKINIT)
capability is enabled. This could allow a remote attacker to cause
a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 10.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.