[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2013-1416

Date: (C)2013-04-23   (M)2017-11-18 


The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

CVSS Score: 4.0Access Vector: NETWORK
Exploit Score: 8.0Access Complexity: LOW
Impact Score: 2.9Authentication: SINGLE_INSTANCE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL





Reference:
FEDORA-2013-5280
FEDORA-2013-5286
IAVM:2013-B-0044
MDVSA-2013:157
MDVSA-2013:158
RHSA-2013:0748
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600
https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
openSUSE-SU-2013:0746
openSUSE-SU-2013:0904
openSUSE-SU-2013:0967

CPE    49
cpe:/a:mit:kerberos:5-1.10.4
cpe:/a:mit:kerberos:5-1.10.3
cpe:/a:mit:kerberos:5-1.8.6
cpe:/a:mit:kerberos:5-1.8.5
...
CWE    1
CWE-119
OVAL    11
oval:org.secpod.oval:def:104847
oval:org.secpod.oval:def:104844
oval:org.secpod.oval:def:1300191
oval:org.secpod.oval:def:104907
...

© 2013 SecPod Technologies