CVE-2016-3120

Опубликовано: 19 июл. 2016

Источник: redhat

CVSS3: 5.3

CVSS2: 3.5

EPSS Низкий

Описание

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	krb5	Not affected
Red Hat Enterprise Linux 6	krb5	Will not fix
Red Hat JBoss Enterprise Application Platform 6	krb5	Not affected
Red Hat JBoss Enterprise Application Platform 7	krb5	Not affected
Red Hat JBoss Enterprise Web Server 2	krb5	Not affected
Red Hat JBoss Enterprise Web Server 3	krb5	Not affected
Red Hat Enterprise Linux 7	krb5	Fixed	RHSA-2016:2591	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1361050krb5: S4U2Self KDC crash when anon is restricted

EPSS

Процентиль: 82%

0.01887

Низкий

5.3 Medium

CVSS3

3.5 Low

CVSS2

Связанные уязвимости

CVE-2016-3120

CVSS3: 6.5

ubuntu

около 9 лет назад

CVE-2016-3120

CVSS3: 6.5

nvd

около 9 лет назад

CVE-2016-3120

CVSS3: 6.5

debian

около 9 лет назад

The validate_as_request function in kdc_util.c in the Key Distribution ...

openSUSE-SU-2016:2268-1

suse-cvrf

около 9 лет назад

Security update for krb5

SUSE-SU-2016:2136-1

suse-cvrf

около 9 лет назад

Security update for krb5

EPSS

Процентиль: 82%

0.01887

Низкий

5.3 Medium

CVSS3

3.5 Low

CVSS2