CVE-2012-1013
krb5: kadmind denial of service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.
La función check_1_6_dummy en lib/kadm5/srv/svr_principal.c en kadmind en MIT Kerberos 5 (también conocido como krb5) v1.8.x, v1.9.x y v1.10.x antes de v1.10.2 permite provocar una denegación de servicio (eliminación de referencia a puntero NULL y caída del demonio) a los administradores remotos autenticados a través de una solicitud de creación KRB5_KDB_DISALLOW_ALL_TIX que carece de contraseña.
Fixed a kadmind denial of service issue, which could only be triggered by an administrator with the create privilege. The MIT krb5 KDC daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability. It was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack of anonymouse PKINIT was enabled. The updated packages have been patched to correct these issues.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-02-07 CVE Reserved
- 2012-06-07 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7152 | X_refsource_confirm | |
http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.html | Mailing List | |
http://web.mit.edu/kerberos/krb5-1.10 | X_refsource_confirm | |
http://www.securityfocus.com/bid/53784 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2012-1131.html | 2020-01-21 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2012:102 | 2020-01-21 | |
https://bugzilla.redhat.com/show_bug.cgi?id=827517 | 2012-07-31 | |
https://hermes.opensuse.org/messages/15083635 | 2020-01-21 | |
https://access.redhat.com/security/cve/CVE-2012-1013 | 2012-07-31 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.8 Search vendor "Mit" for product "Kerberos 5" and version "1.8" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.8.1 Search vendor "Mit" for product "Kerberos 5" and version "1.8.1" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.8.2 Search vendor "Mit" for product "Kerberos 5" and version "1.8.2" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.8.3 Search vendor "Mit" for product "Kerberos 5" and version "1.8.3" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.8.4 Search vendor "Mit" for product "Kerberos 5" and version "1.8.4" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.8.5 Search vendor "Mit" for product "Kerberos 5" and version "1.8.5" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.8.6 Search vendor "Mit" for product "Kerberos 5" and version "1.8.6" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.9 Search vendor "Mit" for product "Kerberos 5" and version "1.9" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.9.1 Search vendor "Mit" for product "Kerberos 5" and version "1.9.1" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.9.2 Search vendor "Mit" for product "Kerberos 5" and version "1.9.2" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.9.3 Search vendor "Mit" for product "Kerberos 5" and version "1.9.3" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.10 Search vendor "Mit" for product "Kerberos 5" and version "1.10" | - |
Affected
| ||||||
Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.10.1 Search vendor "Mit" for product "Kerberos 5" and version "1.10.1" | - |
Affected
|