ID CVE-2016-3120
Summary The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:5-1.13:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.13.5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.13.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.13.6:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.13.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.14:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.14.2:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 04-02-2018 - 02:29)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1364993
title MS-KKDCP with TLS SNI requires HTTP Host header
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment krb5-devel is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591005
      • comment krb5-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863012
    • AND
      • comment krb5-libs is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591015
      • comment krb5-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863016
    • AND
      • comment krb5-pkinit is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591017
      • comment krb5-pkinit is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150439006
    • AND
      • comment krb5-server is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591009
      • comment krb5-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863010
    • AND
      • comment krb5-server-ldap is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591013
      • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863006
    • AND
      • comment krb5-workstation is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591011
      • comment krb5-workstation is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100863014
    • AND
      • comment libkadm5 is earlier than 0:1.14.1-26.el7
        oval oval:com.redhat.rhsa:tst:20162591007
      • comment libkadm5 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162591008
rhsa
id RHSA-2016:2591
released 2016-11-03
severity Low
title RHSA-2016:2591: krb5 security, bug fix, and enhancement update (Low)
rpms
  • krb5-devel-0:1.14.1-26.el7
  • krb5-libs-0:1.14.1-26.el7
  • krb5-pkinit-0:1.14.1-26.el7
  • krb5-server-0:1.14.1-26.el7
  • krb5-server-ldap-0:1.14.1-26.el7
  • krb5-workstation-0:1.14.1-26.el7
  • libkadm5-0:1.14.1-26.el7
refmap via4
bid 92132
confirm
fedora FEDORA-2016-0674a3c372
mlist [debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update
sectrack 1036442
suse openSUSE-SU-2016:2268
Last major update 04-02-2018 - 02:29
Published 01-08-2016 - 02:59
Back to Top