Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-1013
HistoryJun 07, 2012 - 12:00 a.m.

CVE-2012-1013

2012-06-0700:00:00
ubuntu.com
ubuntu.com
10

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.02 Low

EPSS

Percentile

88.6%

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in
MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows
remote authenticated administrators to cause a denial of service (NULL
pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX
create request that lacks a password.

Bugs

Notes

Author Note
sbeattie can only be triggered by authenticated clients with admin privileges
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchkrb5< 1.8.1+dfsg-2ubuntu0.11UNKNOWN
ubuntu11.04noarchkrb5< 1.8.3+dfsg-5ubuntu2.3UNKNOWN
ubuntu11.10noarchkrb5< 1.9.1+dfsg-1ubuntu2.3UNKNOWN
ubuntu12.04noarchkrb5< 1.10+dfsg~beta1-2ubuntu0.3UNKNOWN

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.02 Low

EPSS

Percentile

88.6%

Related for UB:CVE-2012-1013