An unprivileged (either authenticated or unauthenticated) remote user may be able to execute arbitrary code with elevated privileges on Kerberos systems due to a double-free error in the krb5_recvauth() library routine. The privileges attained would depend on the affected program that utilizes the krb5_recvauth() routine; some affected applications such as kpropd() run with root privileges on slave Key Distribution Center (KDC) hosts, which means its potentially possible to compromise an entire Kerberos realm.
This issue is described in MIT krb5 Security Advisory 2005-003 available at
This issue is also referenced in the following documents:
CAN-2005-1689 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1689
CERT VU#623332 at http://www.kb.cert.org/vuls/id/623332.