Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2012-1015
Last Modified: 04 Apr 2013 11:08:52
Published: 06 Aug 2012 12:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-1015

Summary

The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.

Vulnerable Systems

Application

  • MIT Kerberos 5-1.10
  • MIT Kerberos 5-1.10.1
  • MIT Kerberos 5-1.10.2
  • MIT Kerberos 5-1.8
  • MIT Kerberos 5-1.8.1
  • MIT Kerberos 5-1.8.2
  • MIT Kerberos 5-1.8.3
  • MIT Kerberos 5-1.8.4
  • MIT Kerberos 5-1.8.5
  • MIT Kerberos 5-1.8.6
  • MIT Kerberos 5-1.9.4


References

CONFIRM - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt

SUSE - openSUSE-SU-2012:0967

DEBIAN - DSA-2518

REDHAT - RHSA-2012:1131

MANDRIVA - MDVSA-2012:120


Last Updated: 27 May 2016 10:55:01