While it is a buffer overflow, no one has been able to exploit it. Kerberos has nothing to do with it. - todd