CVE-2013-1416

2013-04-19T11:44:00
ID CVE-2013-1416
Type cve
Reporter cve@mitre.org
Modified 2013-12-01T04:26:00

Description

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.