NVD

Id
37628  
Name
CVE-2013-1416  
Description
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:N/I:N/A:P)  
Pub Date
2017-01-18  
Published
2013-04-19  
Modified Date
2013-11-30  
Seq
2013-1416  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
191407 37628 CVE-2013-1416 http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600  View
191408 37628 CVE-2013-1416 FEDORA-2013-5280  View
191409 37628 CVE-2013-1416 FEDORA-2013-5286  View
191410 37628 CVE-2013-1416 openSUSE-SU-2013:0746  View
191411 37628 CVE-2013-1416 openSUSE-SU-2013:0904  View
191412 37628 CVE-2013-1416 openSUSE-SU-2013:0967  View
191413 37628 CVE-2013-1416 RHSA-2013:0748  View
191414 37628 CVE-2013-1416 MDVSA-2013:157  View
191415 37628 CVE-2013-1416 MDVSA-2013:158  View
191416 37628 CVE-2013-1416 https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
20847 JVNDB-2013-002422 MIT Kerberos の鍵配布センタ (KDC) におけるサービス運用妨害 (DoS) の脆弱性 MIT Kerberos 5 (別名 krb5) の鍵配布センタ (KDC) の do_tgs_req.c 内の prep_reprocess_req 関数は、サーバプリンシパルのレルム照会 (service-principal realm referral) を適切に実行しないため、サービス運用妨害 (NULL ポインタデリファレンスおよびデーモンクラッシュ) 状態にされる脆弱性が存在します。 CVE-2013-1416 61358 CVE-2013-1416 37628 4 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-002422.html 2013-04-05 2013-12-05 View