CVE-2016-3119
krb5: null pointer dereference in kadmin
Public Exploits: 0
Descriptions
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module.
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. The following packages have been upgraded to a newer upstream version: krb5. Multiple security issues have been addressed.
Timeline
- 2016-03-11 CVE Reserved
- 2016-03-26 CVE Published
- 2024-08-05 CVE Updated
- 2025-07-12 EPSS Updated
CWE
- CWE-476: NULL Pointer Dereference
References (9)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/85392 | Third Party Advisory | |
http://www.securitytracker.com/id/1035399 | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html | Mailing List | |

URL | Date | SRC |
---|---|---|
https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99 | 2020-01-21 | |
http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html | 2020-01-21 | |
http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html | 2020-01-21 | |
http://rhn.redhat.com/errata/RHSA-2016-2591.html | 2020-01-21 | |
https://access.redhat.com/security/cve/CVE-2016-3119 | 2016-11-03 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1319616 | 2016-11-03 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Opensuse | Leap | 42.1 | - | Affected |
Opensuse | Opensuse | 13.2 | - | Affected |
Mit | Kerberos 5 | 1.0 | - | Affected |
Mit | Kerberos 5 | 1.0.6 | - | Affected |
Mit | Kerberos 5 | 1.1 | - | Affected |
Mit | Kerberos 5 | 1.1.1 | - | Affected |
Mit | Kerberos 5 | 1.2 | - | Affected |
Mit | Kerberos 5 | 1.2 | beta1 | Affected |
Mit | Kerberos 5 | 1.2 | beta2 | Affected |
Mit | Kerberos 5 | 1.2.1 | - | Affected |
Mit | Kerberos 5 | 1.2.2 | - | Affected |
Mit | Kerberos 5 | 1.2.3 | - | Affected |
Mit | Kerberos 5 | 1.2.4 | - | Affected |
Mit | Kerberos 5 | 1.2.5 | - | Affected |
Mit | Kerberos 5 | 1.2.6 | - | Affected |
Mit | Kerberos 5 | 1.2.7 | - | Affected |
Mit | Kerberos 5 | 1.2.8 | - | Affected |
Mit | Kerberos 5 | 1.3 | - | Affected |
Mit | Kerberos 5 | 1.3 | alpha1 | Affected |
Mit | Kerberos 5 | 1.3.1 | - | Affected |
Mit | Kerberos 5 | 1.3.2 | - | Affected |
Mit | Kerberos 5 | 1.3.3 | - | Affected |
Mit | Kerberos 5 | 1.3.4 | - | Affected |
Mit | Kerberos 5 | 1.3.5 | - | Affected |
Mit | Kerberos 5 | 1.3.6 | - | Affected |
Mit | Kerberos 5 | 1.4 | - | Affected |
Mit | Kerberos 5 | 1.4.1 | - | Affected |
Mit | Kerberos 5 | 1.4.2 | - | Affected |
Mit | Kerberos 5 | 1.4.3 | - | Affected |
Mit | Kerberos 5 | 1.4.4 | - | Affected |
Mit | Kerberos 5 | 1.5 | - | Affected |
Mit | Kerberos 5 | 1.5.1 | - | Affected |
Mit | Kerberos 5 | 1.5.2 | - | Affected |
Mit | Kerberos 5 | 1.5.3 | - | Affected |
Mit | Kerberos 5 | 1.6 | - | Affected |
Mit | Kerberos 5 | 1.6.1 | - | Affected |
Mit | Kerberos 5 | 1.6.2 | - | Affected |
Mit | Kerberos 5 | 1.7 | - | Affected |
Mit | Kerberos 5 | 1.7.1 | - | Affected |
Mit | Kerberos 5 | 1.8 | - | Affected |
Mit | Kerberos 5 | 1.8.1 | - | Affected |
Mit | Kerberos 5 | 1.8.2 | - | Affected |
Mit | Kerberos 5 | 1.8.3 | - | Affected |
Mit | Kerberos 5 | 1.8.4 | - | Affected |
Mit | Kerberos 5 | 1.8.5 | - | Affected |
Mit | Kerberos 5 | 1.8.6 | - | Affected |
Mit | Kerberos 5 | 1.9 | - | Affected |
Mit | Kerberos 5 | 1.9.1 | - | Affected |
Mit | Kerberos 5 | 1.9.2 | - | Affected |
Mit | Kerberos 5 | 1.9.3 | - | Affected |
Mit | Kerberos 5 | 1.9.4 | - | Affected |
Mit | Kerberos 5 | 1.10 | - | Affected |
Mit | Kerberos 5 | 1.10.1 | - | Affected |
Mit | Kerberos 5 | 1.10.2 | - | Affected |
Mit | Kerberos 5 | 1.10.3 | - | Affected |
Mit | Kerberos 5 | 1.10.4 | - | Affected |
Mit | Kerberos 5 | 1.11 | - | Affected |
Mit | Kerberos 5 | 1.11.1 | - | Affected |
Mit | Kerberos 5 | 1.11.2 | - | Affected |
Mit | Kerberos 5 | 1.11.3 | - | Affected |
Mit | Kerberos 5 | 1.11.4 | - | Affected |
Mit | Kerberos 5 | 1.11.5 | - | Affected |
Mit | Kerberos 5 | 1.12 | - | Affected |
Mit | Kerberos 5 | 1.12.1 | - | Affected |
Mit | Kerberos 5 | 1.12.2 | - | Affected |
Mit | Kerberos 5 | 1.12.3 | - | Affected |
Mit | Kerberos 5 | 1.13 | - | Affected |
Mit | Kerberos 5 | 1.13.1 | - | Affected |
Mit | Kerberos 5 | 1.13.2 | - | Affected |
Mit | Kerberos 5 | 1.13.3 | - | Affected |
Mit | Kerberos 5 | 1.13.4 | - | Affected |
Mit | Kerberos 5 | 1.14 | alpha1 | Affected |
Mit | Kerberos 5 | 1.14 | beta1 | Affected |
Mit | Kerberos 5 | 1.14 | beta2 | Affected |
Mit | Kerberos 5 | 1.14.0 | - | Affected |
Mit | Kerberos 5 | 1.14.1 | - | Affected |