ID CVE-2016-3120
Summary The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:5-1.14
    cpe:2.3:a:mit:kerberos:5-1.14
  • cpe:2.3:a:mit:kerberos:5-1.14.1
    cpe:2.3:a:mit:kerberos:5-1.14.1
  • MIT Kerberos 5-1.14.2
    cpe:2.3:a:mit:kerberos:5-1.14.2
  • cpe:2.3:a:mit:kerberos:5-1.13.4
    cpe:2.3:a:mit:kerberos:5-1.13.4
  • MIT Kerberos 5-1.13.5
    cpe:2.3:a:mit:kerberos:5-1.13.5
  • MIT Kerberos 5-1.13.6
    cpe:2.3:a:mit:kerberos:5-1.13.6
  • MIT Kerberos 5 1.13.3
    cpe:2.3:a:mit:kerberos:5-1.13.3
  • MIT Kerberos 5 1.13.2
    cpe:2.3:a:mit:kerberos:5-1.13.2
  • MIT Kerberos 5 1.13.1
    cpe:2.3:a:mit:kerberos:5-1.13.1
  • MIT Kerberos 5-1.13
    cpe:2.3:a:mit:kerberos:5-1.13
CVSS
Base: 4.0 (as of 01-08-2016 - 13:45)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
redhat via4
advisories
bugzilla
id 1364993
title MS-KKDCP with TLS SNI requires HTTP Host header
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment krb5 is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591019
      • comment krb5 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863006
    • AND
      • comment krb5-devel is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591005
      • comment krb5-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863014
    • AND
      • comment krb5-libs is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591015
      • comment krb5-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863018
    • AND
      • comment krb5-pkinit is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591017
      • comment krb5-pkinit is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150439008
    • AND
      • comment krb5-server is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591009
      • comment krb5-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863012
    • AND
      • comment krb5-server-ldap is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591013
      • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863008
    • AND
      • comment krb5-workstation is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591011
      • comment krb5-workstation is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863016
    • AND
      • comment libkadm5 is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591007
      • comment libkadm5 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162591008
rhsa
id RHSA-2016:2591
released 2016-11-03
severity Low
title RHSA-2016:2591: krb5 security, bug fix, and enhancement update (Low)
rpms
  • krb5-0:1.14.1-26.el7
  • krb5-devel-0:1.14.1-26.el7
  • krb5-libs-0:1.14.1-26.el7
  • krb5-pkinit-0:1.14.1-26.el7
  • krb5-server-0:1.14.1-26.el7
  • krb5-server-ldap-0:1.14.1-26.el7
  • krb5-workstation-0:1.14.1-26.el7
  • libkadm5-0:1.14.1-26.el7
refmap via4
bid 92132
confirm
fedora FEDORA-2016-0674a3c372
sectrack 1036442
suse openSUSE-SU-2016:2268
Last major update 28-11-2016 - 15:06
Published 31-07-2016 - 22:59
Last modified 31-08-2017 - 21:29
Back to Top