Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 466268 (CVE-2013-1416) - <app-crypt/mit-krb5-1.11.1: KDC TGS-REQ Processing NULL-Pointer Dereference Denial of Service Vulnerability (CVE-2013-1416)
Summary: <app-crypt/mit-krb5-1.11.1: KDC TGS-REQ Processing NULL-Pointer Dereference D...
Status: RESOLVED FIXED
Alias: CVE-2013-1416
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/53104/
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-17 18:31 UTC by Agostino Sarubbo
Modified: 2013-12-16 17:53 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-04-17 18:31:07 UTC
From ${URL} :

Description
A vulnerability has been reported in Kerberos, which can be exploited by malicious users to cause a 
DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error within the 
"prep_reprocess_req()" function (src/kdc/do_tgs_req), which can be exploited to crash the KDC 
daemon by sending specially crafted requests.

The vulnerability is reported in versions 1.7 through 1.10.4.


Solution
Fixed in the git repository. The vulnerability will be fixed in the upcoming version (1.10.5).

Provided and/or discovered by
Revealed in a git commit.

Original Advisory
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
Comment 1 Agostino Sarubbo gentoo-dev 2013-04-17 18:34:19 UTC
@security: Please vote.
Comment 2 Sean Amoss gentoo-dev Security 2013-04-19 15:07:16 UTC
GLSA vote: yes.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-04-26 11:10:58 UTC
CVE-2013-1416 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1416):
  The prep_reprocess_req function in do_tgs_req.c in the Key Distribution
  Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly
  perform service-principal realm referral, which allows remote authenticated
  users to cause a denial of service (NULL pointer dereference and daemon
  crash) via a crafted TGS-REQ request.
Comment 4 Sergey Popov gentoo-dev Security 2013-08-22 12:10:44 UTC
GLSA vote: yes

Added to existing GLSA draft
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-12-16 17:53:56 UTC
This issue was resolved and addressed in
 GLSA 201312-12 at http://security.gentoo.org/glsa/glsa-201312-12.xml
by GLSA coordinator Sergey Popov (pinkbyte).