CVE-2012-1016 — NULL Pointer Dereference in Kerberos 5

CWE-476 — NULL Pointer Dereference10 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedMar 5

Latest updateMay 13

Description

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmit/kerberos_5< 1.10.4

▶Debianmit/krb5< 1.10.1+dfsg-4+nmu1+3

▶Ubuntumit/krb5< 1.12+dfsg-2ubuntu4.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-677f-pp67-87jc: The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv↗2022-05-13

▶

OSV

krb5 vulnerabilities↗2014-08-11

▶

OSV

CVE-2012-1016: The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv↗2013-03-05

▶

CVEList

CVE-2012-1016: The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv↗2013-03-03

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2014-08-11

▶

Red Hat

krb5: PKINIT null pointer deref leads to DoS↗2013-02-15

▶

Debian

CVE-2012-1016: krb5 - The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c ...↗2012

▶

💬Community

Bugzilla

CVE-2012-1016 krb5: PKINIT null pointer deref leads to DoS↗2013-03-04

▶

Bugzilla

CVE-2012-1016 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid()) [fedora-all]↗2013-03-04

▶