The prep_reprocess_req function in kdc/do_tgs_req.c in the
cross-realm referral implementation in the Key Distribution Center
(KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote
attackers to cause a denial of service (NULL pointer dereference and
daemon crash) via a ticket request.

The most recent release in the tree is now 1.8.3, not affected. B4-rated vulnerabilities get a GLSA vote.
GLSA Vote: yes.

Yes, added to glsa for #323525.

This issue was resolved and addressed in
GLSA 201201-13 at http://security.gentoo.org/glsa/glsa-201201-13.xml
by GLSA coordinator Sean Amoss (ackle).