MIT Kerberos 5 KDC krbtgt Ticket S4U2Self Request Denial of Service Vulnerability



A vulnerability in the Key Distribution Center (KDC) component of the MIT Kerberos 5 KDC (krb5) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to a reachable assertion condition that may occur when the affected software processes an S4U2Self request. An attacker who obtains a krbtgt ticket using an older encryption type could exploit this vulnerability by making an S4U2Self request to the targeted system. An exploit could cause the KDC component on the system to crash, resulting in a DoS condition.
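The precondition the advisory describes is a krbtgt ticket issued with an older encryption type, which is something a KDC operator can look for in their own logs. The script below is an added example, not part of this alert or of the MIT krb5 code base: it parses the ISSUE lines krb5kdc writes for AS_REQ/TGS_REQ (the line layout and the sample log entries are constructed for this example and are assumptions), and flags every krbtgt ticket whose ticket enctype (`tkt=`) falls in a set of legacy types. Which enctypes count as "older" is not defined by the advisory; treating single DES, triple DES and RC4 as legacy is this example's assumption, while the enctype numbers themselves are the standard Kerberos registry values.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Standard Kerberos enctype numbers. Which ones are the "older" types the
# advisory refers to is an assumption made for this example: single DES,
# triple DES and RC4 are treated as legacy, the AES types as modern.
LEGACY_ENCTYPES = {
    1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
    16: "des3-cbc-sha1", 23: "arcfour-hmac",
}
MODERN_ENCTYPES = {
    17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
    19: "aes128-cts-hmac-sha256-128", 20: "aes256-cts-hmac-sha384-192",
}

# Regex modelled on krb5kdc's ISSUE lines; the exact layout is assumed here,
# adjust the pattern to the format your KDC actually writes.
ISSUE_RE = re.compile(
    r"(?P<req>AS_REQ|TGS_REQ) \(\d+ etypes \{[^}]*\}\) (?P<src>\S+): ISSUE: "
    r"authtime \d+, etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}, "
    r"(?P<client>\S+) for (?P<service>\S+)"
)


@dataclass
class Finding:
    source: str          # address the request came from
    client: str          # principal the ticket was issued to
    service: str         # service principal in the ticket (krbtgt/... here)
    ticket_enctype: int  # enctype the ticket itself was encrypted with
    reason: str


def parse_issue(line: str) -> Optional[dict]:
    """Return the fields of one ISSUE log line, or None for any other line."""
    m = ISSUE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rep", "tkt", "ses"):
        rec[key] = int(rec[key])
    return rec


def is_legacy(enctype: int) -> bool:
    return enctype in LEGACY_ENCTYPES


def find_legacy_krbtgt_tickets(lines: List[str]) -> List[Finding]:
    """Flag every TGT (service krbtgt/...) whose ticket enctype is legacy."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_issue(line)
        if rec is None:
            continue
        # Only TGTs matter for the precondition the advisory describes.
        if not rec["service"].startswith("krbtgt/"):
            continue
        if is_legacy(rec["tkt"]):
            name = LEGACY_ENCTYPES[rec["tkt"]]
            findings.append(Finding(
                rec["src"], rec["client"], rec["service"], rec["tkt"],
                f"krbtgt ticket issued with legacy enctype {rec['tkt']} ({name})",
            ))
    return findings


# Constructed sample log lines (not real KDC output).
SAMPLE_LOG = [
    "Dec 20 10:01:02 kdc1 krb5kdc[2231](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: "
    "ISSUE: authtime 1545300062, etypes {rep=18 tkt=18 ses=18}, "
    "alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM",
    "Dec 20 10:01:05 kdc1 krb5kdc[2231](info): AS_REQ (2 etypes {23 3}) 192.0.2.11: "
    "ISSUE: authtime 1545300065, etypes {rep=23 tkt=23 ses=23}, "
    "svc-legacy@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM",
    "Dec 20 10:01:09 kdc1 krb5kdc[2231](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: "
    "ISSUE: authtime 1545300062, etypes {rep=18 tkt=18 ses=18}, "
    "alice@EXAMPLE.COM for host/www.example.com@EXAMPLE.COM",
    "Dec 20 10:01:12 kdc1 krb5kdc[2231](info): AS_REQ (2 etypes {23 3}) 192.0.2.12: "
    "ISSUE: authtime 1545300072, etypes {rep=3 tkt=3 ses=3}, "
    "printer@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM",
    "Dec 20 10:01:15 kdc1 krb5kdc[2231](info): closing down fd 12",
]

if __name__ == "__main__":
    for f in find_legacy_krbtgt_tickets(SAMPLE_LOG):
        print(f"{f.source} {f.client} -> {f.service}: {f.reason}")
```

Run against a real `krb5kdc.log`, each finding identifies a principal that is still being handed TGTs under a legacy enctype, which is the population exposed to the request described above; the fix on the KDC side is to apply MIT's update, and the findings double as a worklist for retiring the legacy key types on those principals.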

MIT has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-20217

Source: Cisco Multivendor Vulnerability Alerts