A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC processed certain TGS requests. A remote, authenticated attacker could use this flaw to crash the KDC via a specially-crafted TGS request