PT-2012-1074 · Mit+2 · Krb5+3
Emmanuel Bouillon · Published 2012-07-31 · Updated 2020-01-21 · CVE-2012-1015
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
krb5 versions 1.8.x through 1.9.x before 1.9.5
krb5 versions 1.10.x before 1.10.3
krb5-1.9 versions
krb5-workstation-1.9 versions
krb5-debuginfo-1.9 versions
krb5-libs-1.9 versions
krb5-devel-1.9 versions
krb5-server-1.9 versions
krb5-pkinit-openssl-1.9 versions
krb5-server-ldap-1.9 versions
mit-krb5 versions prior to 1.11.4
Description
The issue affects the Key Distribution Center (KDC) in MIT Kerberos 5, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted AS-REQ request. The kdc_handle_protected_negotiation function attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which can lead to heap memory corruption and a daemon crash. Exploitation of this vulnerability can lead to a violation of the confidentiality, integrity, and availability of protected information.
Recommendations
For krb5 versions 1.8.x through 1.9.x before 1.9.5, update to version 1.9.5 or later.
For krb5 versions 1.10.x before 1.10.3, update to version 1.10.3 or later.
For mit-krb5 versions prior to 1.11.4, update to version 1.11.4 or later.
As a temporary workaround, consider restricting access to the KDC until a patch is available.
Avoid using the vulnerable kdc_handle_protected_negotiation function until the issue is resolved.
Fix
RCE
DoS
Affected Products
CentOS
Red Hat
Krb5
Mit-Krb5