MIT krb5 Security Advisory 2009-001 – The MIT krb5 implementation of the SPNEGO GSS-API mechanism can read beyond the end of a network input buffer. This can cause a GSS-API application to crash by reading from invalid address space. The MIT krb5 implementation of the SPNEGO GSS-API mechanism can dereference a null pointer under error conditions. This can cause a GSS-API application to crash. MIT krb5 can perform an incorrect length check inside an ASN.1 decoder. This only presents a problem in the PK-INIT code paths. In the MIT krb5 KDC or kinit program, this could lead to spurious malloc() failures or, under some conditions, program crash.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76430/MITKRB5-SA-2009-001.txt
Source: https://packetstormsecurity.com/files/76430/MIT-krb5-Security-Advisory-2009-001.html