ID CVE-2016-3120
Summary The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 21-01-2020 - 15:47)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1364993
title MS-KKDCP with TLS SNI requires HTTP Host header
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment krb5-devel is earlier than 0:1.14.1-26.el7
          oval oval:com.redhat.rhsa:tst:20162591001
        • comment krb5-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599002
      • AND
        • comment krb5-libs is earlier than 0:1.14.1-26.el7
          oval oval:com.redhat.rhsa:tst:20162591003
        • comment krb5-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599004
      • AND
        • comment krb5-pkinit is earlier than 0:1.14.1-26.el7
          oval oval:com.redhat.rhsa:tst:20162591005
        • comment krb5-pkinit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599006
      • AND
        • comment krb5-server is earlier than 0:1.14.1-26.el7
          oval oval:com.redhat.rhsa:tst:20162591007
        • comment krb5-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599008
      • AND
        • comment krb5-server-ldap is earlier than 0:1.14.1-26.el7
          oval oval:com.redhat.rhsa:tst:20162591009
        • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599010
      • AND
        • comment krb5-workstation is earlier than 0:1.14.1-26.el7
          oval oval:com.redhat.rhsa:tst:20162591011
        • comment krb5-workstation is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599012
      • AND
        • comment libkadm5 is earlier than 0:1.14.1-26.el7
          oval oval:com.redhat.rhsa:tst:20162591013
        • comment libkadm5 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599014
rhsa
id RHSA-2016:2591
released 2016-11-03
severity Low
title RHSA-2016:2591: krb5 security, bug fix, and enhancement update (Low)
rpms
  • krb5-debuginfo-0:1.14.1-26.el7
  • krb5-devel-0:1.14.1-26.el7
  • krb5-libs-0:1.14.1-26.el7
  • krb5-pkinit-0:1.14.1-26.el7
  • krb5-server-0:1.14.1-26.el7
  • krb5-server-ldap-0:1.14.1-26.el7
  • krb5-workstation-0:1.14.1-26.el7
  • libkadm5-0:1.14.1-26.el7
refmap via4
bid 92132
confirm
fedora FEDORA-2016-0674a3c372
mlist [debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update
sectrack 1036442
suse openSUSE-SU-2016:2268
Last major update 21-01-2020 - 15:47
Published 01-08-2016 - 02:59
Last modified 21-01-2020 - 15:47
Back to Top