Published: 01/08/2016 Updated: 07/11/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.13.6 and 1.4.x prior to 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5 1.13
mit kerberos 5 1.13.1
mit kerberos 5 1.13.2
mit kerberos 5 1.13.3
mit kerberos 5 1.13.4
mit kerberos 5 1.13.5
mit kerberos 5 1.13.6
mit kerberos 5 1.14
mit kerberos 5 1.14.1
mit kerberos 5 1.14.2

Debian Bug report logs - #819468 krb5: CVE-2016-3119: null pointer dereference in kadmin Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 29 Mar 2016 05:15:01 UTC Severity: important Tags: fixed-upstream, patch, security, ...

Debian Bug report logs - #832572 krb5: CVE-2016-3120: Fix S4U2Self KDC crash when anon is restricted Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 27 Jul 2016 05:48:01 UTC Severity: important Tags: patch, security, ups ...

Debian Bug report logs - #869260 CVE-2017-11368 Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 22 Jul 2017 06:42:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in version krb5/1101+dfsg-5 Fixed in v ...

Debian Bug report logs - #783557 CVE-2015-2694 in krb5-otp, krb5-pkinit Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Benjamin Kaduk <kaduk@MITEDU> Date: Mon, 27 Apr 2015 22:39:02 UTC Severity: normal Tags: fixed-upstream, security, upstream Found in version krb5/112 ...

A NULL pointer dereference flaw was found in MIT Kerberos kadmind service An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module (CVE-20 ...

CWE-476 http://web.mit.edu/kerberos/krb5-1.13/http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7 http://web.mit.edu/kerberos/krb5-1.14/http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html http://www.securityfocus.com/bid/92132 http://www.securitytracker.com/id/1036442 http://rhn.redhat.com/errata/RHSA-2016-2591.html https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468 https://alas.aws.amazon.com/ALAS-2017-793.html

CVE-2016-3120

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect