Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2013-1418

Published: 18/11/2013 Updated: 02/02/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Mit

Vulnerability Summary

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.10.7, when multiple realms are configured, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mit kerberos 5

debian debian linux 7.0

opensuse opensuse 11.4

opensuse opensuse 12.2

opensuse opensuse 12.3

opensuse opensuse 13.1

Vendor Advisories

Debian CVElist Bug Report Logs: krb5: CVE-2013-1418: multi-realm KDC null dereference leads to crash
Debian Bug report logs - #728845 krb5: CVE-2013-1418: multi-realm KDC null dereference leads to crash Package: krb5; Maintainer for krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 6 Nov 2013 08:33:01 UTC Severity: important Tags: fixed-upstream, patch, secu ...
Ubuntu Security Notice: krb5 vulnerabilities
Several security issues were fixed in Kerberos ...
Amazon Linux AMI: ALAS-2014-443
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEG ...

References

CWE-476http://web.mit.edu/kerberos/krb5-1.10/README-1.10.7.txthttp://krbdev.mit.edu/rt/Ticket/Display.html?id=7757https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89dhttp://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txthttps://bugzilla.redhat.com/show_bug.cgi?id=1026942http://advisories.mageia.org/MGASA-2013-0335.htmlhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00082.htmlhttp://lists.opensuse.org/opensuse-updates/2013-11/msg00086.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00026.htmlhttp://www.securityfocus.com/bid/63555https://lists.debian.org/debian-lts-announce/2018/01/msg00040.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845https://usn.ubuntu.com/2310-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook