CVE-2013-1418

krb5: multi-realm KDC null dereference leads to crash

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

La función setup_server_realm en main.c en Key Distribution Center (KDC) de MIT Kerberos 5 (también conocido como krb5) anterior a la versión 1.10.7, cuando se configuran varios campos, permite a atacantes remotos provocar una denegación de servicio (referencia a un puntero NULL y cierre del demonio) a través de una petición manipulada.

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-01-24 CVE Reserved
2013-11-16 CVE Published
2023-09-28 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (12)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2013-0335.html	Third Party Advisory
http://www.securityfocus.com/bid/63555	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html	Mailing List

URL	Date	SRC

URL	Date	SRC
https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d	2021-02-02

URL	Date	SRC
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757	2021-02-02
http://lists.opensuse.org/opensuse-updates/2013-11/msg00082.html	2021-02-02
http://lists.opensuse.org/opensuse-updates/2013-11/msg00086.html	2021-02-02
http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html	2021-02-02
http://web.mit.edu/kerberos/krb5-1.10/README-1.10.7.txt	2021-02-02
http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt	2021-02-02
https://bugzilla.redhat.com/show_bug.cgi?id=1026942	2014-10-13
https://access.redhat.com/security/cve/CVE-2013-1418	2014-10-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				< 1.10.7 Search vendor "Mit" for product "Kerberos 5" and version " < 1.10.7"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.4 Search vendor "Opensuse" for product "Opensuse" and version "11.4"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.2 Search vendor "Opensuse" for product "Opensuse" and version "12.2"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				12.3 Search vendor "Opensuse" for product "Opensuse" and version "12.3"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1"		-		Affected