Lucene search

K
freebsdFreeBSD6C7D9A35-2608-11E1-89B4-001EC9578670
HistoryDec 11, 2011 - 12:00 a.m.

krb5 -- KDC null pointer dereference in TGS handling

2011-12-1100:00:00
vuxml.freebsd.org
13

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

EPSS

0.013

Percentile

86.0%

The MIT Kerberos Team reports:

In releases krb5-1.9 and later, the KDC can crash due to a NULL
pointer dereference in code that handles TGS (Ticket Granting
Service) requests. The trigger condition is trivial to produce
using unmodified client software, but requires the ability to
authenticate as a principal in the KDC’s realm.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchkrb5= 1.9UNKNOWN
FreeBSDanynoarchkrb5< 1.9.2_1UNKNOWN

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

EPSS

0.013

Percentile

86.0%