PT-2016-5373 · MIT +4 · MIT Kerberos 5 +4

Published: 2016-03-25 · Updated: 2024-06-15 · CVE-2016-3119

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

MIT Kerberos 5 (krb5) versions 1.13.4 and earlier
MIT Kerberos 5 (krb5) versions 1.14.x through 1.14.1

Description

The issue is in the process_db_args function in the LDAP KDB module, which does not handle the DB argument properly. This allows remote authenticated users to cause a denial of service by sending a crafted request to modify a principal, resulting in a NULL pointer dereference and daemon crash.

Recommendations

For MIT Kerberos 5 (krb5) versions 1.13.4 and earlier, update to a version later than 1.13.4. For MIT Kerberos 5 (krb5) versions 1.14.x through 1.14.1, update to a version later than 1.14.1. As a temporary workaround, consider restricting access to the process_db_args function in the LDAP KDB module until a patch is available.

Fix


Related identifiers

ALT-PU-2016-1392
CESA-2016_2591
CVE-2016-3119
DLA-1265-1
MGASA-2016-0123
OPENSUSE-SU-2024:10004-1
RHSA-2016:2591
RHSA-2016_2591
SUSE-SU-2016:0994-1
SUSE-SU-2016:1088-1
SUSE-SU-2016_0994-1
SUSE-SU-2016_1088-1

Affected products

ALT Linux
CentOS
MIT Kerberos 5
Red Hat
SUSE