MITKRB5-SA-2003-05: Buffer overrun and underrun in principal name handling

Ken Raeburn raeburn at MIT.EDU
Thu Mar 20 16:47:22 EST 2003

This advisory has been updated on our web site.

The patch is now contained in a separate text file, with a separate
PGP signature available.

The advisory text now notes that it includes information also
published in the following vulnerability notes:

   CVE CAN-2003-0082

      Buffer underrun

   CVE CAN-2003-0072

      Array overrun -- only the portions that appeared to affect a server
      with no strange realm configurations were included here.

This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:

The main MIT Kerberos web page is at:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 231 bytes
Desc: not available
Url :
-------------- next part --------------
kerberos-announce mailing list
kerberos-announce at

More information about the krbdev mailing list