CVE-2013-1416

 

Published at: - 19-04-2013 01:44

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:N/I:N/A:P

 

Verification logic

 

Reference

• http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600
• https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
• openSUSE-SU-2013:0746-Mailing List, Third Party Advisory
• RHSA-2013:0748-Third Party Advisory
• openSUSE-SU-2013:0904-Mailing List, Third Party Advisory
• openSUSE-SU-2013:0967-Mailing List, Third Party Advisory
• MDVSA-2013:158-Third Party Advisory
• MDVSA-2013:157-Third Party Advisory
• FEDORA-2013-5286-Third Party Advisory
• FEDORA-2013-5280-Third Party Advisory

 

Keywords

NVD

 

CVE-2013-1416

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures