CVE-2016-3119
Published 2016-03-26
CVE-2016-3119: The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4…
Priority: P3 · 40 · medium
CVSS 3.0: 5.3 (AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
EPSS: 39.97% (98.4th percentile)
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
Affected
76 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.14.2+dfsg-1 (bookworm) | krb5 1.14.2+dfsg-1 (bookworm) |
| mit | kerberos_5 | — | — |
CVSS provenance
nvd v3.0: 5.3 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)
nvd v2.0: 3.5 LOW (AV:N/AC:M/Au:S/C:N/I:N/A:P)
osv: 5.3 MEDIUM
vendor_debian: 5.3 MEDIUM
vendor_redhat: 5.3 MEDIUM
Red Hat
krb5: null pointer dereference in kadmin
vendor_redhat·2016-03-14·CVSS 5.3
CVE-2016-3119 [MEDIUM] CWE-476 krb5: null pointer dereference in kadmin
A NULL pointer dereference flaw was found in the MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module.
Package: krb5 (Red Hat Enterprise Linux 5) -
Debian
CVE-2016-3119: krb5 - The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c i...
vendor_debian·2016·CVSS 5.3
Scope: local
bookworm: resolved (fixed in 1.14.2+dfsg-1)
bullseye: resolved (fixed in 1.14.2+dfsg-1)
forky: resolved (fixed in 1.14.2+dfsg-1)
sid: resolved (fixed in 1.14.2+dfsg-1)
trixie: resolved (fixed in 1.14.2+dfsg-1)
GHSA
GHSA-qq9x-4x4m-294x: The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2
ghsa_unreviewed·2022-05-13
OSV
CVE-2016-3119: The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2
osv·2016-03-26·CVSS 5.3
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-3119 krb5: null pointer dereference in kadmin [fedora-all]
bugzilla·2016-03-21·CVSS 5.3
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Wh
Bugzilla
CVE-2016-3119 krb5: null pointer dereference in kadmin
bugzilla·2016-03-21·CVSS 5.3
It was reported that in all versions of MIT krb5, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module.
Upstream patch:
https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
Discussion:
Created krb5 tracking bugs for this issue:
Affects: fedora-all [bug 1319617]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:2591 https://rhn.redhat.com/errata/RHSA-2016-2591.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html
http://rhn.redhat.com/errata/RHSA-2016-2591.html
http://www.securityfocus.com/bid/85392
http://www.securitytracker.com/id/1035399
https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
Published: 2016-03-26