CVE-2012-1013
published 2012-06-07CVE-2012-1013: The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote…
PriorityP419medium4CVSS 2.0
AVNACLAuSCNINAP
EPSS
3.12%
86.2th percentile
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.10.1+dfsg-3 (bookworm) | krb5 1.10.1+dfsg-3 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.10.1+dfsg-3 | 1.10.1+dfsg-3 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-3 | 1.10.1+dfsg-3 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-3 | 1.10.1+dfsg-3 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-3 | 1.10.1+dfsg-3 |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv4.0MEDIUM
vendor_ubuntu5.5MEDIUM
vendor_debian4.0LOW
vendor_redhat4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j6c8-vggw-4c3v: The check_1_6_dummy function in lib/kadm5/srv/svr_principal
ghsa_unreviewed·2022-05-13
CVE-2012-1013 [MEDIUM] GHSA-j6c8-vggw-4c3v: The check_1_6_dummy function in lib/kadm5/srv/svr_principal
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
OSV
CVE-2012-1013: The check_1_6_dummy function in lib/kadm5/srv/svr_principal
osv·2012-06-07·CVSS 4.0
CVE-2012-1013 [MEDIUM] CVE-2012-1013: The check_1_6_dummy function in lib/kadm5/srv/svr_principal
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2012-07-31·CVSS 5.5
CVE-2012-1012 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center
(KDC) daemon could free an uninitialized pointer when handling a
malformed AS-REQ message. A remote unauthenticated attacker could
use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2012-1015)
Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center
(KDC) daemon could dereference an uninitialized pointer while handling
a malformed AS-REQ message. A remote unauthenticated attacker could
use this to cause a denial of service or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014)
Simo Sorce discovered that the MIT krb5 Key Distribution Center (KDC)
da
Red Hat
krb5: kadmind denial of service
vendor_redhat·2012-06-01·CVSS 4.0
CVE-2012-1013 [MEDIUM] krb5: kadmind denial of service
krb5: kadmind denial of service
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
Statement: Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5.
Package: krb5 (Red Hat Enterprise Linux 4) - Not affected
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2012-1013: krb5 - The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT ...
vendor_debian·2012·CVSS 4.0
CVE-2012-1013 [MEDIUM] CVE-2012-1013: krb5 - The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT ...
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
Scope: local
bookworm: resolved (fixed in 1.10.1+dfsg-3)
bullseye: resolved (fixed in 1.10.1+dfsg-3)
forky: resolved (fixed in 1.10.1+dfsg-3)
sid: resolved (fixed in 1.10.1+dfsg-3)
trixie: resolved (fixed in 1.10.1+dfsg-3)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-1013 krb5: kadmind denial of service
bugzilla·2012-06-01·CVSS 4.0
CVE-2012-1013 [MEDIUM] CVE-2012-1013 krb5: kadmind denial of service
CVE-2012-1013 krb5: kadmind denial of service
MIT Kerberos 5 version 1.10.2 was released [1] and noted as fixing:
* Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013]
No information is currently available on which versions are affected by this flaw.
[1] http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.html
Discussion:
Upstream bug report:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7152
And the upstream fix:
https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b
This only affects krb5 1.8 and higher, and only clients authorized to create principals can trigger the bug (so requires administrative privileges).
---
Created krb5 tra
Bugzilla
CVE-2012-1013 krb5: kadmind denial of service [fedora-all]
bugzilla·2012-06-01·CVSS 4.0
CVE-2012-1013 [MEDIUM] CVE-2012-1013 krb5: kadmind denial of service [fedora-all]
CVE-2012-1013 krb5: kadmind denial of service [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=827517
Ple
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7152http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1131.htmlhttp://web.mit.edu/kerberos/krb5-1.10/http://www.mandriva.com/security/advisories?name=MDVSA-2012:102http://www.securityfocus.com/bid/53784https://bugzilla.redhat.com/show_bug.cgi?id=827517https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77bhttps://hermes.opensuse.org/messages/15083635http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7152http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1131.htmlhttp://web.mit.edu/kerberos/krb5-1.10/http://www.mandriva.com/security/advisories?name=MDVSA-2012:102http://www.securityfocus.com/bid/53784https://bugzilla.redhat.com/show_bug.cgi?id=827517https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77bhttps://hermes.opensuse.org/messages/15083635
2012-06-07
Published