Don't have the full info yet but will post later.

Complete information about this errata can be found at the following location:
https://rhn.redhat.com/network/errata/errata_details.pxt?eid=1558

Security Advisory - RHSA-2003:051-30
------------------------------------------------------------------------------
Summary:
Updated kerberos packages fix various vulnerabilities

Updated Kerberos packages fix a number of vulnerabilities found in MIT
Kerberos.

Description:
Kerberos is a network authentication system. The MIT Kerberos team
released an advisory describing a number of vulnerabilities that affect the
kerberos packages shipped by Red Hat. These vulnerabilities include:

An integer signedness error in the ASN.1 decoder before version 1.2.5
allows remote attackers to cause a denial of service (crash) via a large
unsigned data element length, which is later used as a negative value. The
Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-0036 to this issue. Red Hat Linux 8.0 and later are not affected
by this issue.

The Key Distribution Center (KDC) before version 1.2.5 allows remote,
authenticated attackers to cause a denial of service (crash) on KDCs within
the same realm using a certain protocol request that causes a null
dereference (CAN-2003-0058). Red Hat Linux 8.0 and later are not affected
by this issue.

The Key Distribution Center (KDC) allows remote, authenticated attackers to
cause a denial of service (crash) on KDCs within the same realm using a
certain protocol request that causes an out-of-bounds read of an array
(CAN-2003-0072).

The Key Distribution Center (KDC) allows remote, authenticated attackers
to cause a denial of service (crash) on KDCs within the same realm using a
certain protocol request that causes the KDC to corrupt its heap
(CAN-2003-0082).

A vulnerability in Kerberos before version 1.2.3 allows users from one
realm to impersonate users in other realms that have the same inter-realm
keys (CAN-2003-0059). Red Hat Linux 7.3 and later are not affected by this
issue.

The MIT advisory for these issues also mentions format string
vulnerabilities in the logging routines (CAN-2003-0060). Previous versions
of the kerberos packages from Red Hat already contain fixes for this issue.

Vulnerabilities have been found in the support for triple-DES keys in the
implementation of the Kerberos IV authentication protocol which is included
in MIT Kerberos (CAN-2003-0139).

Vulnerabilities have been found in the Kerberos IV authentication protocol
which allow an attacker with knowledge of a cross-realm key, which is
shared with another realm, to impersonate any principal in that realm to
any service in that realm. This vulnerability can only be closed by
disabling cross-realm authentication in Kerberos IV (CAN-2003-0138).

Vulnerabilities have been found in the RPC library used by the kadmin
service in Kerberos 5. A faulty length check in the RPC library exposes
kadmind to an integer overflow which can be used to crash kadmind
(CAN-2003-0028).

All users of Kerberos are advised to upgrade to these errata packages,
which disable cross-realm authentication by default for Kerberos IV and
which contain backported patches that correct these issues.

References:
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
------------------------------------------------------------------------------