The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.14.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
@Maintainers, we have 1.14.3 in tree, which is fixed; please call for stabilization when ready.
Arches, please test and mark stable
Target Keywords = alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86
Stable on alpha.
x86 stable (ignoring test failures from bug 637526).
arm stable, all arches done.
@maintainer(s), please clean the vulnerable versions.
(In reply to Eray Aslan from comment #11)
> cleanup done
Thank you. Closing report.
tatt says it looks good on sparc.
sparc stable (thanks to Rolf Eike Beer)