Описание
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 1.14.3+dfsg-2ubuntu1 |
| bionic | not-affected | 1.14.3+dfsg-2ubuntu1 |
| cosmic | not-affected | 1.14.3+dfsg-2ubuntu1 |
| devel | not-affected | 1.14.3+dfsg-2ubuntu1 |
| disco | not-affected | 1.14.3+dfsg-2ubuntu1 |
| eoan | not-affected | 1.14.3+dfsg-2ubuntu1 |
| esm-infra-legacy/trusty | released | 1.12+dfsg-2ubuntu5.4 |
| esm-infra/bionic | not-affected | 1.14.3+dfsg-2ubuntu1 |
| esm-infra/focal | not-affected | 1.14.3+dfsg-2ubuntu1 |
| esm-infra/xenial | released | 1.13.2+dfsg-5ubuntu2.1 |
Показывать по
Ссылки на источники
3.5 Low
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_prin ...
3.5 Low
CVSS2
5.3 Medium
CVSS3