December 11, 2000
Kerberos 4 buffer overflow vulnerability
Author: JT Smith
"When a service using KTH Kerberos 4 recieves a response from a Kerberos server during the authentication process, it performs a memory copy of data contained within the packet to a buffer of predefined size on the process' stack. It may be possible for an attacker to exploit this and gain root access on the host running the Kerberos-enabled service in the traditional buffer overflow manner." Full details at SecurityFocus.com.