
Bug 466268 (CVE-2013-1416)

Summary: <app-crypt/mit-krb5-1.11.1: KDC TGS-REQ Processing NULL-Pointer Dereference Denial of Service Vulnerability (CVE-2013-1416)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: kerberos
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://secunia.com/advisories/53104/
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-04-17 18:31:07 UTC
From ${URL} :

Description
A vulnerability has been reported in Kerberos, which can be exploited by malicious users to cause a 
DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error within the 
"prep_reprocess_req()" function (src/kdc/do_tgs_req), which can be exploited to crash the KDC 
daemon by sending specially crafted requests.

The vulnerability is reported in versions 1.7 through 1.10.4.


Solution
Fixed in the git repository. The vulnerability will be fixed in the upcoming version (1.10.5).

Provided and/or discovered by
Revealed in a git commit.

Original Advisory
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
Comment 1 Agostino Sarubbo gentoo-dev 2013-04-17 18:34:19 UTC
@security: Please vote.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-19 15:07:16 UTC
GLSA vote: yes.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-04-26 11:10:58 UTC
CVE-2013-1416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1416):
  The prep_reprocess_req function in do_tgs_req.c in the Key Distribution
  Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly
  perform service-principal realm referral, which allows remote authenticated
  users to cause a denial of service (NULL pointer dereference and daemon
  crash) via a crafted TGS-REQ request.
Comment 4 Sergey Popov gentoo-dev 2013-08-22 12:10:44 UTC
GLSA vote: yes

Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-12-16 17:53:56 UTC
This issue was resolved and addressed in
 GLSA 201312-12 at http://security.gentoo.org/glsa/glsa-201312-12.xml
by GLSA coordinator Sergey Popov (pinkbyte).