All versions of the kdc are vulnerable to a protocol bug in the kerberos v4 cross-realm operation.
0.5.2 has a new option to disable v4 cross-realm (while still supporting local-realm v4 and cross-realm v5).
If you are running a version older than 0.5.2 AND have Kerberos 4 support enabled in the KDC, you should remove all the cross-realm keys in your database until you have time to upgrade.
See also the MIT advisory and CAN-2003-0138.