Novell Kerberos KDC Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Novell Kerberos KDC, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by errors in Kerberos.

1. A NULL pointer dereference error in the "spnego_gss_accept_sec_context()" [src/lib/gssapi/spnego/spnego_mech.c] function when processing a NegTokenInit token with invalid ContextFlags for the reqFlags field, which could allow attackers to crash an affected server, creating a denial of service condition.

2. The "asn1_decode_generaltime()" function in the ASN.1 decoder freeing an uninitialized pointer when decoding an invalid encoding, which could allow an unauthenticated remote attacker to crash the Kerberos administration daemon (kadmind) or the KDC or execute arbitrary code.

3. An error in the "get_input_token()" function in the implementation of the SPNEGO GSS-API mechanism, which could cause a GSS-API application or the Kerberos administration daemon (kadmind) to crash or disclose certain information by reading from invalid address space.

4. An error in the PK-INIT code where an incorrect length check is performed inside the ASN.1 decoder, which could be exploited by an unauthenticated remote attacker to cause a KDC or kinit program to crash.