CVE-2013-1416
published 2013-04-19CVE-2013-1416: The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform…
PriorityP417medium4CVSS 2.0
AVNACLAuSCNINAP
EPSS
2.92%
85.3th percentile
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.10.1+dfsg-5 (bookworm) | krb5 1.10.1+dfsg-5 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mit | kerberos_5 | < 1.10.5 | 1.10.5 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-5 | 1.10.1+dfsg-5 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-5 | 1.10.1+dfsg-5 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-5 | 1.10.1+dfsg-5 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-5 | 1.10.1+dfsg-5 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu4.2 | 1.12+dfsg-2ubuntu4.2 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv5.0MEDIUM
vendor_ubuntu5.0MEDIUM
vendor_debian4.0LOW
vendor_redhat4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4vgm-5r69-wvp8: The prep_reprocess_req function in do_tgs_req
ghsa_unreviewed·2022-05-13
CVE-2013-1416 [MEDIUM] CWE-476 GHSA-4vgm-5r69-wvp8: The prep_reprocess_req function in do_tgs_req
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
OSV
krb5 vulnerabilities
osv·2014-08-11·CVSS 5.0
CVE-2012-1016 [MEDIUM] krb5 vulnerabilities
krb5 vulnerabilities
It was discovered that Kerberos incorrectly handled certain crafted Draft 9
requests. A remote attacker could use this issue to cause the daemon to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2012-1016)
It was discovered that Kerberos incorrectly handled certain malformed
KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this
issue to cause the daemon to crash, resulting in a denial of service. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)
It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ
requests. A remote authenticated attacker could use this issue to cause the
daemon to crash, resulting in a denial of service. This issue only affected
Ubuntu 1
OSV
CVE-2013-1416: The prep_reprocess_req function in do_tgs_req
osv·2013-04-19·CVSS 4.0
CVE-2013-1416 [MEDIUM] CVE-2013-1416: The prep_reprocess_req function in do_tgs_req
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2014-08-11·CVSS 5.0
CVE-2012-1016 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that Kerberos incorrectly handled certain crafted Draft 9
requests. A remote attacker could use this issue to cause the daemon to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2012-1016)
It was discovered that Kerberos incorrectly handled certain malformed
KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this
issue to cause the daemon to crash, resulting in a denial of service. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)
It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ
requests. A remote authenticated attacker could use this issue to cause the
daemon to crash
Red Hat
krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests
vendor_redhat·2013-03-29·CVSS 4.0
CVE-2013-1416 [MEDIUM] CWE-476 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests
krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5.
Package: krb5 (Red Hat Enterprise Linux 4) - Not affected
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Package: krb5 (Red Hat JBoss Enterprise Web Server 2) - Affected
Debian
CVE-2013-1416: krb5 - The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (...
vendor_debian·2013·CVSS 4.0
CVE-2013-1416 [MEDIUM] CVE-2013-1416: krb5 - The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (...
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.
Scope: local
bookworm: resolved (fixed in 1.10.1+dfsg-5)
bullseye: resolved (fixed in 1.10.1+dfsg-5)
forky: resolved (fixed in 1.10.1+dfsg-5)
sid: resolved (fixed in 1.10.1+dfsg-5)
trixie: resolved (fixed in 1.10.1+dfsg-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests
bugzilla·2013-04-09·CVSS 4.0
CVE-2013-1416 [MEDIUM] CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests
CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests
A NULL pointer deference flaw was found in the way key distribution center (KDC) of MIT Kerberos 5, a network authentication system, performed processing of certain ticket-granting service requests (TGS-REQs). A remote authenticated attacker could use this flaw to cause the KDC process to crash (attempting to dereference a NULL pointer).
Upstream ticket:
[1] http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
Relevant upstream patch:
[2] https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
Other references:
[3] http://diswww.mit.edu:8008/menelaus.mit.edu/cvs-krb5/27664
[4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775
Discussion:
Th
Bugzilla
CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests [fedora-all]
bugzilla·2013-04-09·CVSS 4.0
CVE-2013-1416 [MEDIUM] CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests [fedora-all]
CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when availab
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.htmlhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00011.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00041.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00102.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0748.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:157http://www.mandriva.com/security/advisories?name=MDVSA-2013:158https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.htmlhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00011.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00041.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00102.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0748.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:157http://www.mandriva.com/security/advisories?name=MDVSA-2013:158https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
2013-04-19
Published