Published: 18/11/2013 Updated: 21/01/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5 1.10.1
mit kerberos 5 1.10
mit kerberos 5-1.10.6
mit kerberos 5-1.10.5
mit kerberos 5 1.10.4
mit kerberos 5-1.10.7
mit kerberos 5 1.10.3
mit kerberos 5 1.10.2

Several security issues were fixed in Kerberos ...

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEG ...

NVD-CWE-Other https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757 http://www.securityfocus.com/bid/63770 https://usn.ubuntu.com/2310-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-6800

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect