PT-2013-1200 · Mit+4 · Mit Kerberos 5+4

Publicado

2013-11-16

Atualizado

2024-06-15

CVE-2013-1418

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions prior to 1.10.7 MIT Kerberos 5 versions prior to 1.11.4

Description The issue allows remote attackers to cause a denial of service, potentially leading to a disruption in confidentiality, integrity, and availability of protected information. This can be achieved through crafted requests, specifically targeting the setup server realm function in the Key Distribution Center (KDC) when multiple realms are configured, resulting in a NULL pointer dereference and daemon crash.

Recommendations For versions prior to 1.10.7, update to version 1.10.7 or later to resolve the issue. For versions prior to 1.11.4, update to version 1.11.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the setup server realm function in the KDC to minimize the risk of exploitation.

Correção

DoS

RCE

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-476

Identificadores relacionados

BDU:2015-09675

CESA-2014_1389

CVE-2013-1418

DLA-1265-1

MGASA-2013-0335

MGASA-2013-0336

OPENSUSE-SU-2024:10004-1

RHSA-2014:1245

RHSA-2014:1389

RHSA-2014_1245

RHSA-2014_1389

SUSE-SU-2013_1875-1

USN-2310-1

Produtos afetados

Centos

Mit Kerberos 5

Red Hat

Suse

Ubuntu

PT-2013-1200 · Mit+4 · Mit Kerberos 5+4

CVE-2013-1418

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 94