CVE-2012-1014
Published 2012-08-06
Priority: P3 · 41 · critical · 9 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
EPSS: 4.34% (90.0th percentile)
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.10.1+dfsg-2 (bookworm) | krb5 1.10.1+dfsg-2 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.10.1+dfsg-2 | 1.10.1+dfsg-2 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-2 | 1.10.1+dfsg-2 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-2 | 1.10.1+dfsg-2 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-2 | 1.10.1+dfsg-2 |
CVSS provenance
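| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:N/C:P/I:P/A:C |
| osv | — | 9.0 | CRITICAL | — |
| vendor_debian | — | 9.0 | CRITICAL | — |
| vendor_redhat | — | 9.0 | CRITICAL | — |
| vendor_ubuntu | — | 5.5 | MEDIUM | — |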
GHSA
GHSA-4x54-5wgw-wc8c: The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
ghsa_unreviewed·2022-05-13
CVE-2012-1014 [HIGH] GHSA-4x54-5wgw-wc8c: The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
OSV
CVE-2012-1014: The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
osv·2012-08-06·CVSS 9.0
CVE-2012-1014 [CRITICAL] CVE-2012-1014: The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
Red Hat
krb5: KDC daemon crash via de-reference of an uninitialized pointer
vendor_redhat·2012-07-31·CVSS 9.0
CVE-2012-1014 [CRITICAL] krb5: KDC daemon crash via de-reference of an uninitialized pointer
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
Statement: Not Vulnerable. This issue does not affect the version of krb5 package as shipped with Red Hat Enterprise Linux 5 and 6.
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Package: krb5 (Red Hat Enterprise Linux 6) - Not affected
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2012-07-31·CVSS 5.5
CVE-2012-1012 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2012-1015)
Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014)
Simo Sorce discovered that the MIT krb5 Key Distribution Center (KDC) da
Debian
CVE-2012-1014: krb5 - The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos...
vendor_debian·2012·CVSS 9.0
CVE-2012-1014 [CRITICAL] CVE-2012-1014: krb5 - The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos...
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
Scope: local
bookworm: resolved (fixed in 1.10.1+dfsg-2)
bullseye: resolved (fixed in 1.10.1+dfsg-2)
forky: resolved (fixed in 1.10.1+dfsg-2)
sid: resolved (fixed in 1.10.1+dfsg-2)
trixie: resolved (fixed in 1.10.1+dfsg-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-1014 krb5: KDC daemon crash via de-reference of an uninitialized pointer [fedora-17]
bugzilla·2012-07-31·CVSS 9.0
CVE-2012-1014 [CRITICAL] CVE-2012-1014 krb5: KDC daemon crash via de-reference of an uninitialized pointer [fedora-17]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/n
Bugzilla
CVE-2012-1014 krb5: KDC daemon crash via de-reference of an uninitialized pointer
bugzilla·2012-07-06·CVSS 9.0
CVE-2012-1014 [CRITICAL] CVE-2012-1014 krb5: KDC daemon crash via de-reference of an uninitialized pointer
The MIT krb5 KDC daemon can dereference an uninitialized pointer while processing a malformed AS-REQ, causing the daemon to abnormally terminate. This vulnerability could theoretically lead to the execution of malicious code, but that is believed to be very difficult.
The KDC in releases krb5-1.10 and later is vulnerable to this flaw.
Reference: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt
Patch: http://web.mit.edu/kerberos/advisories/2012-001-patch.txt
Acknowledgements:
Red Hat would like to thank the MIT Kerberos project for reporting this issue. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the original reporter of the flaw.
Discussion:
Looking at the patch in the advisory
http://lists.opensuse.org/opensuse-updates/2012-08/msg00016.html
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt
http://www.debian.org/security/2012/dsa-2518
Published: 2012-08-06