CVE-2013-1417
published 2013-11-20CVE-2013-1417: do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote…
PriorityP414low3.5CVSS 2.0
AVNACMAuSCNINAP
EPSS
1.93%
77.5th percentile
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.11.3+dfsg-3+nmu1 (bookworm) | krb5 1.11.3+dfsg-3+nmu1 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.11.3+dfsg-3+nmu1 | 1.11.3+dfsg-3+nmu1 |
| mit | krb5 | >= 0 < 1.11.3+dfsg-3+nmu1 | 1.11.3+dfsg-3+nmu1 |
| mit | krb5 | >= 0 < 1.11.3+dfsg-3+nmu1 | 1.11.3+dfsg-3+nmu1 |
| mit | krb5 | >= 0 < 1.11.3+dfsg-3+nmu1 | 1.11.3+dfsg-3+nmu1 |
CVSS provenance
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:N/A:P
osv3.5LOW
vendor_debian3.5LOW
vendor_redhat3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wfgh-cf33-x6c3: do_tgs_req
ghsa_unreviewed·2022-05-13
CVE-2013-1417 [LOW] CWE-20 GHSA-wfgh-cf33-x6c3: do_tgs_req
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
OSV
CVE-2013-1417: do_tgs_req
osv·2013-11-20·CVSS 3.5
CVE-2013-1417 [LOW] CVE-2013-1417: do_tgs_req
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
Red Hat
krb5: KDC null deref due to referrals
vendor_redhat·2013-06-21·CVSS 3.5
CVE-2013-1417 [LOW] CWE-476 krb5: KDC null deref due to referrals
krb5: KDC null deref due to referrals
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
Statement: Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 and 6.
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Package: krb5 (Red Hat Enterprise Linux 6) - Not affected
Package: krb5 (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-1417: krb5 - do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1...
vendor_debian·2013·CVSS 3.5
CVE-2013-1417 [LOW] CVE-2013-1417: krb5 - do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1...
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
Scope: local
bookworm: resolved (fixed in 1.11.3+dfsg-3+nmu1)
bullseye: resolved (fixed in 1.11.3+dfsg-3+nmu1)
forky: resolved (fixed in 1.11.3+dfsg-3+nmu1)
sid: resolved (fixed in 1.11.3+dfsg-3+nmu1)
trixie: resolved (fixed in 1.11.3+dfsg-3+nmu1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-1417 krb5: KDC null deref due to referrals [fedora-19]
bugzilla·2013-11-15·CVSS 3.5
CVE-2013-1417 [LOW] CVE-2013-1417 krb5: KDC null deref due to referrals [fedora-19]
CVE-2013-1417 krb5: KDC null deref due to referrals [fedora-19]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-19 tracking bug for krb5: see bloc
Bugzilla
CVE-2013-1417 krb5: KDC null deref due to referrals
bugzilla·2013-11-15·CVSS 3.5
CVE-2013-1417 [LOW] CVE-2013-1417 krb5: KDC null deref due to referrals
CVE-2013-1417 krb5: KDC null deref due to referrals
From the upstream commit [1]:
An authenticated remote client can cause a KDC to crash by making a
valid TGS-REQ to a KDC serving a realm with a single-component name.
The process_tgs_req() function dereferences a null pointer because an
unusual failure condition causes a helper function to return success.
While attempting to provide cross-realm referrals for host-based
service principals, the find_referral_tgs() function could return a
TGS principal for a zero-length realm name (indicating that the
hostname in the service principal has no known realm associated with
it).
Subsequently, the find_alternate_tgs() function would attempt to
construct a path to this empty-string realm, and return success along
with a null pointer in its outp
http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.htmlhttp://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txthttps://bugzilla.redhat.com/show_bug.cgi?id=1030743https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acchttp://lists.opensuse.org/opensuse-updates/2013-12/msg00026.htmlhttp://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txthttps://bugzilla.redhat.com/show_bug.cgi?id=1030743https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc
2013-11-20
Published