SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2012-1013

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.0
Exploit Score: 8.0
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:

BID-53784

MDVSA-2012:102

RHSA-2012:1131

http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.html

http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7152

http://web.mit.edu/kerberos/krb5-1.10/

https://bugzilla.redhat.com/show_bug.cgi?id=827517

https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b

openSUSE-SU-2012:0834


30479



423868



250363



909



196124



282