CVE-2012-1016
Published 2013-03-05
Priority P4 · 22 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 2.58% (83.3th percentile)
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.10.1+dfsg-4+nmu1 (bookworm) | krb5 1.10.1+dfsg-4+nmu1 (bookworm) |
| mit | kerberos_5 | < 1.10.4 | 1.10.4 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-4+nmu1 | 1.10.1+dfsg-4+nmu1 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-4+nmu1 | 1.10.1+dfsg-4+nmu1 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-4+nmu1 | 1.10.1+dfsg-4+nmu1 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-4+nmu1 | 1.10.1+dfsg-4+nmu1 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu4.2 | 1.12+dfsg-2ubuntu4.2 |
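CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 5.0 | MEDIUM | |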
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2014-08-11·CVSS 5.0
CVE-2012-1016 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that Kerberos incorrectly handled certain crafted Draft 9
requests. A remote attacker could use this issue to cause the daemon to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2012-1016)
It was discovered that Kerberos incorrectly handled certain malformed
KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this
issue to cause the daemon to crash, resulting in a denial of service. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)
It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ
requests. A remote authenticated attacker could use this issue to cause the
daemon to crash
Red Hat
krb5: PKINIT null pointer deref leads to DoS
vendor_redhat·2013-02-15·CVSS 5.0
CVE-2012-1016 [MEDIUM] CWE-476 krb5: PKINIT null pointer deref leads to DoS
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 as they did not include support for PKINIT.
Package: krb5 (Red Hat Enterprise Linux 4) - Not affected
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2012-1016: krb5 - The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c ...
vendor_debian·2012·CVSS 5.0
CVE-2012-1016 [MEDIUM] CVE-2012-1016: krb5 - The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c ...
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
Scope: local
bookworm: resolved (fixed in 1.10.1+dfsg-4+nmu1)
bullseye: resolved (fixed in 1.10.1+dfsg-4+nmu1)
forky: resolved (fixed in 1.10.1+dfsg-4+nmu1)
sid: resolved (fixed in 1.10.1+dfsg-4+nmu1)
trixie: resolved (fixed in 1.10.1+dfsg-4+nmu1)
GHSA
GHSA-677f-pp67-87jc: The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv
ghsa_unreviewed·2022-05-13
CVE-2012-1016 [MEDIUM] CWE-476 GHSA-677f-pp67-87jc: The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
OSV
krb5 vulnerabilities
osv·2014-08-11·CVSS 5.0
CVE-2012-1016 [MEDIUM] krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled certain crafted Draft 9
requests. A remote attacker could use this issue to cause the daemon to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2012-1016)
It was discovered that Kerberos incorrectly handled certain malformed
KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this
issue to cause the daemon to crash, resulting in a denial of service. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)
It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ
requests. A remote authenticated attacker could use this issue to cause the
daemon to crash, resulting in a denial of service. This issue only affected
Ubuntu 1
OSV
CVE-2012-1016: The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv
osv·2013-03-05·CVSS 5.0
CVE-2012-1016 [MEDIUM] CVE-2012-1016: The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-1016 krb5: PKINIT null pointer deref leads to DoS
bugzilla·2013-03-04·CVSS 5.0
CVE-2012-1016 [MEDIUM] CVE-2012-1016 krb5: PKINIT null pointer deref leads to DoS
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-1016 to
the following vulnerability:
Name: CVE-2012-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016
Assigned: 20120207
Reference: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7527
Reference: http://web.mit.edu/kerberos/www/krb5-1.10/
Reference: https://github.com/krb5/krb5/commit/db64ca25d661a47b996b4e2645998b5d7f0eb52c
The pkinit_server_return_padata function in
plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in
the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
1.10.4 attempts to find an agility KDF identifier in inappropriate
circumstances, which allows remote attackers to cause a denial of
service
Bugzilla
CVE-2012-1016 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid()) [fedora-all]
bugzilla·2013-03-04·CVSS 5.0
CVE-2012-1016 [MEDIUM] CVE-2012-1016 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid()) [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7527
http://secunia.com/advisories/55040
http://web.mit.edu/kerberos/www/krb5-1.10/
https://github.com/krb5/krb5/commit/db64ca25d661a47b996b4e2645998b5d7f0eb52c
Published: 2013-03-05