CVE-2013-6800
Published 2013-11-18
Priority: P4 · CVSS 2.0: 4.0 (medium) · Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS: 2.61% (83.5th percentile)
An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.
Affected (10 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mit | kerberos | — | — |
| mit | kerberos | — | — |
| mit | kerberos | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu4.2 | 1.12+dfsg-2ubuntu4.2 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu4 | 1.12+dfsg-2ubuntu4 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu · 2014-08-11 · CVSS 5.0 · CVE-2012-1016 [MEDIUM]
Summary: Several security issues were fixed in Kerberos.
It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016)
It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)
It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ requests. A remote authenticated attacker could use this issue to cause the daemon to crash
Red Hat
krb5: KDC remote DoS (NULL pointer dereference and daemon crash)
vendor_redhat · 2013-11-04 · CVSS 4.3 · CVE-2013-6800 [MEDIUM] · CWE-476
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request.
Package: krb5 (Red Hat Enterprise Linux 7) - Not affected
GHSA
GHSA-f64v-2v58-4rrx
ghsa_unreviewed · 2022-05-13 · CVSS 4.3 · CVE-2013-6800 [MEDIUM]
OSV
krb5 vulnerabilities
osv · 2014-08-11 · CVSS 5.0 · CVE-2012-1016 [MEDIUM]
OSV
osv · 2013-11-17 · CVSS 4.3 · CVE-2013-6800 [MEDIUM]
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash) [fedora-all]
bugzilla · 2013-11-18 · CVSS 4.0 · CVE-2013-6800 [MEDIUM]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available.
Please note:
Bugzilla
CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash)
bugzilla · 2013-11-18 · CVSS 4.3 · CVE-2013-6800 [MEDIUM]
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6800 to the following vulnerability:
Name: CVE-2013-6800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6800
Assigned: 20131115
Reference: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
Reference: https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d
An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.
Discussion:
Created krb5 tracking bugs for this issue:
Affec
References
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
http://www.securityfocus.com/bid/63770
https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d