CVE-2012-1016
krb5: PKINIT null pointer deref leads to DoS
Severity Score
Exploit Likelihood
Affected Versions
1Public Exploits
0Exploited in Wild
-Decision
Descriptions
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.
La función pkinit_server_return_padata en plugins/preauth/pkinit/pkinit_srv.c en la implementación PKINIT en el Key Distribution Center (KDC) en MIT Kerberos 5 (también conocido como krb5) anterior a v1.10.4 intenta encontrar un identificador KDF en circunstancias inapropiadas, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída del servicio) a través de una solicitud Draft especialmente diseñada.
It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-02-07 CVE Reserved
- 2013-03-03 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (6)
URL | Date | SRC |
---|