PT-2013-1200 · Mit+4 · Mit Kerberos 5+4

Published

2013-11-16

Updated

2024-06-15

CVE-2013-1418

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions prior to 1.10.7 MIT Kerberos 5 versions prior to 1.11.4

Description The issue allows remote attackers to cause a denial of service, potentially leading to a disruption in confidentiality, integrity, and availability of protected information. This can be achieved through crafted requests, specifically targeting the setup server realm function in the Key Distribution Center (KDC) when multiple realms are configured, resulting in a NULL pointer dereference and daemon crash.

Recommendations For versions prior to 1.10.7, update to version 1.10.7 or later to resolve the issue. For versions prior to 1.11.4, update to version 1.11.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the setup server realm function in the KDC to minimize the risk of exploitation.

Fix

DoS

RCE

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-476

Related Identifiers

BDU:2015-09675

CESA-2014_1389

CVE-2013-1418

DLA-1265-1

MGASA-2013-0335

MGASA-2013-0336

OPENSUSE-SU-2024:10004-1

RHSA-2014:1245

RHSA-2014:1389

RHSA-2014_1245

RHSA-2014_1389

SUSE-SU-2013_1875-1

USN-2310-1

Affected Products

Centos

Mit Kerberos 5

Red Hat

Suse

Ubuntu

PT-2013-1200 · Mit+4 · Mit Kerberos 5+4

CVE-2013-1418

Weakness Enumeration

Related Identifiers

Affected Products

References · 94