CVE-2013-1416
Published Apr 19, 2013
Last updated 4 years ago
Overview
- Description
- The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-476
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADAAA945-792F-419A-9045-01CE94A74320",
"versionEndExcluding": "1.10.5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A8E07B7-3739-4BEB-88F8-C7F62431E889"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
}
],
"operator": "OR"
}
]
}
]