(CVE-2012-1013) krb5 : kadmind denial of service
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
krb5 (Fedora) | Fix Released | Low | |
krb5 (Ubuntu) | Fix Released | Low | Unassigned |
Bug Description
https:/
Description
A weakness has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error in the "check_1_6_dummy()" function in src/lib/
Successful exploitation requires an administrator account with "create" privileges.
The weakness is reported in versions prior to 1.10.2.
Solution
Update to version 1.10.2.
Provided and/or discovered by
Reported by the vendor.
Original Advisory
http://
CVE References
summary: (CVE-2012-1013) krb5 : "check_1_6_dummy()" Denial of Service Weakness - (CVE-2012-1013) → (CVE-2012-1013) krb5 : kadmind denial of service
visibility: private → public
Changed in krb5 (Fedora):
importance: Unknown → Low
status: Unknown → Fix Released
MIT Kerberos 5 version 1.10.2 was released [1] and noted as fixing:
* Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013]
No information is currently available on which versions are affected by this flaw.
[1] http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.html