Published: 05/03/2013 Updated: 02/02/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.10.4 and 1.11.x prior to 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5
mit kerberos 5 1.11
opensuse opensuse 11.4

Synopsis Moderate: krb5 security update Type/Severity Security Advisory: Moderate Topic Updated krb5 packages that fix two security issues are now available forRed Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability Scoring ...

Several security issues were fixed in Kerberos ...

Debian Bug report logs - #702633 CVE-2012-1016: NULL pointer dereference (DoS) in plugins/preauth/pkinit/pkinit_srvc Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Helmut Grohne <helmut@subdivide> Date: Sat, 9 Mar 2013 11:48:01 UTC Severity: serious Tags: patch, secur ...

Debian Bug report logs - #704775 krb5: KDC TGS-REQ null deref (CVE-2013-1416) Package: krb5-kdc; Maintainer for krb5-kdc is Sam Hartman <hartmans@debianorg>; Source for krb5-kdc is src:krb5 (PTS, buildd, popcon) Reported by: Benjamin Kaduk <kaduk@MITEDU> Date: Fri, 5 Apr 2013 18:36:01 UTC Severity: serious Tags: ...

CWE-476 http://krbdev.mit.edu/rt/Ticket/Display.html?id=7577 http://web.mit.edu/kerberos/www/krb5-1.11/http://web.mit.edu/kerberos/www/krb5-1.10/http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570 https://github.com/krb5/krb5/commit/f249555301940c6df3a2cdda13b56b5674eebc2e http://lists.opensuse.org/opensuse-updates/2013-03/msg00090.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:157 http://secunia.com/advisories/55040 https://access.redhat.com/errata/RHSA-2013:0656 https://usn.ubuntu.com/2310-1/https://nvd.nist.gov

CVE-2013-1415

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect