CVE-2013-1415
Published 2013-03-05
Priority P426 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 4.21% (89.7th percentile)
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.10.1+dfsg-4 (bookworm) | krb5 1.10.1+dfsg-4 (bookworm) |
| mit | kerberos_5 | < 1.10.4 | 1.10.4 |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.10.1+dfsg-4 | 1.10.1+dfsg-4 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-4 | 1.10.1+dfsg-4 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-4 | 1.10.1+dfsg-4 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-4 | 1.10.1+dfsg-4 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu4.2 | 1.12+dfsg-2ubuntu4.2 |
| opensuse | opensuse | — | — |
CVSS provenance
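| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |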
GHSA
GHSA-gvc4-pvfx-8p8m: The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl
ghsa_unreviewed·2022-05-13
CVE-2013-1415 [MEDIUM] CWE-476 GHSA-gvc4-pvfx-8p8m: The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
OSV
krb5 vulnerabilities
osv·2014-08-11·CVSS 5.0
CVE-2012-1016 [MEDIUM] krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled certain crafted Draft 9
requests. A remote attacker could use this issue to cause the daemon to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2012-1016)
It was discovered that Kerberos incorrectly handled certain malformed
KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this
issue to cause the daemon to crash, resulting in a denial of service. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)
It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ
requests. A remote authenticated attacker could use this issue to cause the
daemon to crash, resulting in a denial of service. This issue only affected
Ubuntu 1
OSV
CVE-2013-1415: The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl
osv·2013-03-05·CVSS 5.0
CVE-2013-1415 [MEDIUM] CVE-2013-1415: The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2014-08-11·CVSS 5.0
CVE-2012-1016 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that Kerberos incorrectly handled certain crafted Draft 9
requests. A remote attacker could use this issue to cause the daemon to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2012-1016)
It was discovered that Kerberos incorrectly handled certain malformed
KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this
issue to cause the daemon to crash, resulting in a denial of service. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)
It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ
requests. A remote authenticated attacker could use this issue to cause the
daemon to crash
Red Hat
krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid())
vendor_redhat·2013-02-15·CVSS 5.0
CVE-2013-1415 [MEDIUM] CWE-476 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid())
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 as they did not include support for PKINIT.
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2013-1415: krb5 - The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_opens...
vendor_debian·2013·CVSS 5.0
CVE-2013-1415 [MEDIUM] CVE-2013-1415: krb5 - The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_opens...
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Scope: local
bookworm: resolved (fixed in 1.10.1+dfsg-4)
bullseye: resolved (fixed in 1.10.1+dfsg-4)
forky: resolved (fixed in 1.10.1+dfsg-4)
sid: resolved (fixed in 1.10.1+dfsg-4)
trixie: resolved (fixed in 1.10.1+dfsg-4)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1415 krb5: PKINIT null pointer deref leads to DoS [fedora-all]
bugzilla·2013-02-22·CVSS 5.0
CVE-2013-1415 [MEDIUM] CVE-2013-1415 krb5: PKINIT null pointer deref leads to DoS [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects m
Bugzilla
CVE-2013-1415 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid())
bugzilla·2013-02-22·CVSS 5.0
CVE-2013-1415 [MEDIUM] CVE-2013-1415 krb5: PKINIT null pointer deref leads to DoS (pkinit_check_kdc_pkid())
It was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack if anonymous PKINIT was enabled.
The PKINIT plugin was introduced in version 1.6.3; versions prior are not affected by this vulnerability.
External References:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570
http://web.mit.edu/kerberos/krb5-1.11/
Statement:
This issue did not affect the versions of krb5 as shipped
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7570
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7577
http://lists.opensuse.org/opensuse-updates/2013-03/msg00090.html
http://secunia.com/advisories/55040
http://web.mit.edu/kerberos/www/krb5-1.10/
http://web.mit.edu/kerberos/www/krb5-1.11/
http://www.mandriva.com/security/advisories?name=MDVSA-2013:157
https://github.com/krb5/krb5/commit/f249555301940c6df3a2cdda13b56b5674eebc2e