Lucene search

[email protected]CVE-2016-3120

HistoryAug 01, 2016 - 2:59 a.m.

CVE-2016-3120

2016-08-0102:59:00

CWE-476

[email protected]

web.nvd.nist.gov

cve-2016-3120

information security

kdc

mit kerberos 5

krb5

denial of service

remote attack

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.049 Low

EPSS

Percentile

92.7%

JSON

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5eq1.13
mit:kerberos_5mit kerberos 5eq1.13.1
mit:kerberos_5mit kerberos 5eq1.13.2
mit:kerberos_5mit kerberos 5eq1.13.3
mit:kerberos_5mit kerberos 5eq1.13.4
mit:kerberos_5mit kerberos 5eq1.13.5
mit:kerberos_5mit kerberos 5eq1.13.6
mit:kerberos_5mit kerberos 5eq1.14
mit:kerberos_5mit kerberos 5eq1.14.1
mit:kerberos_5mit kerberos 5eq1.14.2

CPE	Name	Operator	Version
mit:kerberos_5	mit kerberos 5	eq	1.13
mit:kerberos_5	mit kerberos 5	eq	1.13.1
mit:kerberos_5	mit kerberos 5	eq	1.13.2
mit:kerberos_5	mit kerberos 5	eq	1.13.3
mit:kerberos_5	mit kerberos 5	eq	1.13.4
mit:kerberos_5	mit kerberos 5	eq	1.13.5
mit:kerberos_5	mit kerberos 5	eq	1.13.6
mit:kerberos_5	mit kerberos 5	eq	1.14
mit:kerberos_5	mit kerberos 5	eq	1.14.1
mit:kerberos_5	mit kerberos 5	eq	1.14.2