Kerberos is a secure
Danish vulnerability clearinghouse Secunia described one of the flaws as an error in the MIT krb5 telnet daemon that surfaces when a username is processed. Attackers who exploit it can log in as an arbitrary user by providing a specially crafted username beginning with "-e".
Secunia said Kerberos also contained a boundary error in the "krb5_klog_syslog()" function within the kadm5 library, which attackers can exploit to cause a stack-based buffer overflow via an overly long string. A double-free error in the "kg_unseal_v1()" function within the MIT krb5 GSS-API library also exists. Attackers can exploit it to launch malicious code, Secunia said.
The Secunia advisory links to the advisories MIT released for the individual issues.