Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2012-1013
Last Modified: 01 Apr 2013 11:15:47
Published: 07 Jun 2012 03:55:07
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2012-1013

Summary

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.

Vulnerable Systems

Application

  • MIT Kerberos 5-1.10
  • MIT Kerberos 5-1.10.1
  • MIT Kerberos 5-1.8
  • MIT Kerberos 5-1.8.1
  • MIT Kerberos 5-1.8.2
  • MIT Kerberos 5-1.8.3
  • MIT Kerberos 5-1.8.4
  • MIT Kerberos 5-1.8.5
  • MIT Kerberos 5-1.8.6
  • MIT Kerberos 5-1.9
  • MIT Kerberos 5-1.9.1
  • MIT Kerberos 5-1.9.2
  • MIT Kerberos 5-1.9.3


References

CONFIRM - https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=827517

CONFIRM - http://web.mit.edu/kerberos/krb5-1.10/

MLIST - [kerberos-announce] 20120531 krb5-1.10.2 is released

CONFIRM - http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7152

SUSE - openSUSE-SU-2012:0834

MANDRIVA - MDVSA-2012:102

REDHAT - RHSA-2012:1131

BID - 53784


Last Updated: 27 May 2016 10:49:36