MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities

http://www.securityfocus.com/bid/37749

"MIT Kerberos is prone to multiple integer-underflow vulnerabilities
because it fails to properly handle malformed encrypted data.

Attackers can exploit these issues to execute arbitrary code with
SYSTEM-level privileges. Failed attacks will result in denial-of-service
conditions.

Versions prior to Kerberos 5 1.6.4 and 1.7.1 are vulnerable."

This affects multiple OSs, including RHEL, Solaris, Ubuntu, Debian and
Mandrake. It is recommended to update to the latest version of these
packages.