FreeBSD : krb5 -- KDC NULL pointer dereference in TGS handling (6c7d9a35-2608-11e1-89b4-001ec9578670)
Medium Nessus Plugin ID 57293
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe MIT Kerberos Team reports :
In releases krb5-1.9 and later, the KDC can crash due to a NULL pointer dereference in code that handles TGS (Ticket Granting Service) requests. The trigger condition is trivial to produce using unmodified client software, but requires the ability to authenticate as a principal in the KDC's realm.
SolutionUpdate the affected package.