CVE-2012-1014

Published: 06/08/2012 Updated: 21/01/2020
CVSS v2 Base Score: 9 | Impact Score: 8.5 | Exploitability Score: 10
VMScore: 801
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Vulnerability Summary

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x prior to 1.10.3 does not initialize a certain structure member, which allows remote malicious users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.

Vulnerable Products

mit kerberos 5 1.10

mit kerberos 5 1.10.1

mit kerberos 5 1.10.2

Vendor Advisories

Debian Bug report logs - #683429 CVE-2012-1014/CVE-2012-1015: KDC heap corruption and crash vulnerabilities. Package: krb5; Maintainer for krb5 is Sam Hartman <hartmans@debian.org>; Reported by: Henri Salo <henri@nerv.fi>; Date: Tue, 31 Jul 2012 18:45:02 UTC; Severity: important; Tags: security; Found in version 1.8.3+df ...
Several security issues were fixed in Kerberos ...
Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol. CVE-2012-1014: By sending a specially crafted AS-REQ (Authentication Service Request) to a KDC (Key Distribution Center), an attacker could make it free an uninitialized pointer, corrupting the heap. Thi ...