CVE-2012-1013 — Kerberos 5 vulnerability

9 documents8 sources

Severity

4.0MEDIUMNVD

EPSS

1.0%

top 22.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedJun 7

Latest updateMay 13

Description

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶Debianmit/krb5< 1.10.1+dfsg-3+3

▶NVDmit/kerberos_513 versions+12

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-j6c8-vggw-4c3v: The check_1_6_dummy function in lib/kadm5/srv/svr_principal↗2022-05-13

▶

CVEList

CVE-2012-1013: The check_1_6_dummy function in lib/kadm5/srv/svr_principal↗2012-06-07

▶

OSV

CVE-2012-1013: The check_1_6_dummy function in lib/kadm5/srv/svr_principal↗2012-06-07

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2012-07-31

▶

Red Hat

krb5: kadmind denial of service↗2012-06-01

▶

Debian

CVE-2012-1013: krb5 - The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT ...↗2012

▶

💬Community

Bugzilla

CVE-2012-1013 krb5: kadmind denial of service↗2012-06-01

▶

Bugzilla

CVE-2012-1013 krb5: kadmind denial of service [fedora-all]↗2012-06-01

▶