Denial Of Service (DoS)

2019-01-1508:52:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

Kerberos is vulnerable to denial of service. A NULL pointer dereference occurs when certain Ticket-granting Server (TGS) requests are processed. This allows a remote authenticated attacker to crash process via a malicious TGS request.

CPENameOperatorVersion
krb5eq1.9__33.el6_3.3
krb5eq1.8.2__3.el6_0.7
krb5eq1.9__22.el6
krb5eq1.9__9.el6_1.2
krb5eq1.8.2__3.el6
krb5eq1.8.2__3.el6_0.3
krb5eq1.9__22.el6_2.1
krb5eq1.8.2__3.el6_0.6
krb5eq1.9__33.el6_3.2
krb5eq1.8.2__3.el6_0.1

Name	Operator	Version
krb5	eq	1.9__33.el6_3.3
krb5	eq	1.8.2__3.el6_0.7
krb5	eq	1.9__22.el6
krb5	eq	1.9__9.el6_1.2
krb5	eq	1.8.2__3.el6
krb5	eq	1.8.2__3.el6_0.3
krb5	eq	1.9__22.el6_2.1
krb5	eq	1.8.2__3.el6_0.6
krb5	eq	1.9__33.el6_3.2
krb5	eq	1.8.2__3.el6_0.1