The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) up to and including 1.7.1 and 1.8 prior to 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
Vulnerable Product |
---|
mit kerberos 5 |
debian debian linux 5.0 |
debian debian linux 6.0 |
canonical ubuntu linux 6.06 |
canonical ubuntu linux 8.04 |
canonical ubuntu linux 9.04 |
canonical ubuntu linux 9.10 |
canonical ubuntu linux 10.04 |
oracle database server - |
opensuse opensuse 11.0 |
opensuse opensuse 11.1 |
opensuse opensuse 11.2 |
opensuse opensuse 11.3 |
suse linux enterprise server 10 |
suse linux enterprise server 11 |
fedoraproject fedora 11 |
fedoraproject fedora 12 |
fedoraproject fedora 13 |