Описание
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
A resource-access flaw was discovered in krb5; the SPNEGO mechanism operates under an incorrect assumption when dealing with its context handles. If an application calls gss_inquire_context() on a partially-established SPNEGO context, an unauthenticated, remote attacker could possibly exploit this flaw by sending a specially crafted SPNEGO packet and crashing the system.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | krb5 | Will not fix | ||
| Red Hat Enterprise Linux 5 | krb5 | Will not fix | ||
| Red Hat Enterprise Linux 6 | krb5 | Will not fix | ||
| Red Hat Enterprise Linux 7 | krb5 | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1. ...
EPSS
4.3 Medium
CVSS2