4

CVE-2013-1416

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version < 1.10.5
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.1
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
FedoraprojectFedora Version17
FedoraprojectFedora Version18
RedhatEnterprise Linux Eus Version6.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.92% 0.852
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.mandriva.com/security/advisories?name=MDVSA-2013:157
Third Party Advisory
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-05/msg00011.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-06/msg00041.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-06/msg00102.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2013-0748.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:158
Third Party Advisory
https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
Patch
Third Party Advisory