CVE-2013-1416

2013-04-1911:44:00

CWE-476

[email protected]

web.nvd.nist.gov

119

mit kerberos

krb5

cve-2013-1416

denial of service

null pointer dereference

daemon crash

nvd

5.7 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.956 High

EPSS

Percentile

99.4%

JSON

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5lt1.10.5
opensuse:opensuseopensuseeq12.3
opensuse:opensuseopensuseeq11.4
opensuse:opensuseopensuseeq12.2
opensuse:opensuseopensuseeq12.1
fedoraproject:fedorafedoraproject fedoraeq17
fedoraproject:fedorafedoraproject fedoraeq18
redhat:enterprise_linux_server_ausredhat enterprise linux server auseq6.4
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq6.0
redhat:enterprise_linux_serverredhat enterprise linux servereq6.0

CPE	Name	Operator	Version
mit:kerberos_5	mit kerberos 5	lt	1.10.5
opensuse:opensuse	opensuse	eq	12.3
opensuse:opensuse	opensuse	eq	11.4
opensuse:opensuse	opensuse	eq	12.2
opensuse:opensuse	opensuse	eq	12.1
fedoraproject:fedora	fedoraproject fedora	eq	17
fedoraproject:fedora	fedoraproject fedora	eq	18
redhat:enterprise_linux_server_aus	redhat enterprise linux server aus	eq	6.4
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	6.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	6.0