Denial Of Service (DoS)

2018-08-1303:20:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

JSON

libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5_ldap_get_password_policy_from_dn function of plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c where an unauthenticated user can cause the daemon to crash through a successful LDAP query with no results.

CPENameOperatorVersion
libkrb5.sole26.0.0-7.7.0-6
krb5eq1.9__9.el6_1.1
krb5eq1.9__22.el6
krb5eq1.9__9.el6_1.2
krb5eq1.9__33.el6_3.2
krb5eq1.9__33.el6
krb5eq1.10.3__10.el6_4.2
krb5eq1.10.3__10.el6
krb5eq1.8.2__3.el6_0.3
krb5eq1.9__22.el6_2.1

Name	Operator	Version
libkrb5.so	le	26.0.0-7.7.0-6
krb5	eq	1.9__9.el6_1.1
krb5	eq	1.9__22.el6
krb5	eq	1.9__9.el6_1.2
krb5	eq	1.9__33.el6_3.2
krb5	eq	1.9__33.el6
krb5	eq	1.10.3__10.el6_4.2
krb5	eq	1.10.3__10.el6
krb5	eq	1.8.2__3.el6_0.3
krb5	eq	1.9__22.el6_2.1