Lucene search

K
nvd[email protected]NVD:CVE-2016-3120
HistoryAug 01, 2016 - 2:59 a.m.

CVE-2016-3120

2016-08-0102:59:12
CWE-476
web.nvd.nist.gov
7

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.049

Percentile

92.8%

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

Affected configurations

Nvd
Node
mitkerberos_5Match1.13
OR
mitkerberos_5Match1.13.1
OR
mitkerberos_5Match1.13.2
OR
mitkerberos_5Match1.13.3
OR
mitkerberos_5Match1.13.4
OR
mitkerberos_5Match1.13.5
OR
mitkerberos_5Match1.13.6
OR
mitkerberos_5Match1.14
OR
mitkerberos_5Match1.14.1
OR
mitkerberos_5Match1.14.2
VendorProductVersionCPE
mitkerberos_51.13cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*
mitkerberos_51.13.1cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*
mitkerberos_51.13.2cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*
mitkerberos_51.13.3cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*
mitkerberos_51.13.4cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*
mitkerberos_51.13.5cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*
mitkerberos_51.13.6cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*
mitkerberos_51.14cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*
mitkerberos_51.14.1cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*
mitkerberos_51.14.2cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.1

Confidence

High

EPSS

0.049

Percentile

92.8%