Description
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. Because the fault is in the KDC's TGS-REQ handling, any principal holding a valid ticket-granting ticket can trigger it, and only hosts running the KDC daemon (krb5kdc) are exposed; clients and application servers that merely link libkrb5 are not affected.
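A version check a KDC administrator can run against this advisory's affected range ("before 1.10.5"), added here as an example rather than taken from the advisory or from the krb5 project. It assumes the MIT output formats `Kerberos 5 release X.Y.Z` (from `krb5-config --version`) and `Kerberos 5 version X.Y.Z` (from `klist -V`); the sample version strings it handles are constructed.

```shell
#!/bin/sh
# Added example, not code from the advisory or the krb5 project: classify an
# MIT krb5 version string against the affected range "before 1.10.5".
# Accepts a bare "1.10.3", a packaged "1.10.3-10.el6_4.2", or the full
# "Kerberos 5 release 1.10.3" line printed by `krb5-config --version`
# (`klist -V` prints "Kerberos 5 version 1.10.3").
#
# Exit status: 0 = version in affected range, 1 = not affected,
#              2 = no version number found in the input.
krb5_affected() {
    # Keep the last space-separated token, drop any leading non-digits
    # (e.g. "v"), then cut at the first character that is not a digit or dot.
    v=$(printf '%s\n' "$1" | sed 's/.* //; s/^[^0-9]*//; s/[^0-9.].*$//')
    [ -n "$v" ] || return 2

    # Split "major.minor.patch" on dots; a missing field counts as 0.
    old_ifs=$IFS
    IFS=.
    set -- $v
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Affected iff (major, minor, patch) < (1, 10, 5), compared field by field.
    [ "$major" -lt 1 ] && return 0
    [ "$major" -gt 1 ] && return 1
    [ "$minor" -lt 10 ] && return 0
    [ "$minor" -gt 10 ] && return 1
    [ "$patch" -lt 5 ]
}

# Human-readable verdict. With no argument it asks the installed krb5 for its
# version; that only reveals the upstream base version (see the note below).
report() {
    ver=${1:-$(krb5-config --version 2>/dev/null || klist -V 2>/dev/null)}
    rc=0
    krb5_affected "$ver" || rc=$?
    case $rc in
        0) echo "$ver: upstream base version is before 1.10.5 (affected range)" ;;
        1) echo "$ver: not in the affected range" ;;
        *) echo "'$ver': no version number found (is krb5-config or klist on PATH?)" ;;
    esac
}

# Usage: sh check-krb5.sh            # probe the installed library
#        sh check-krb5.sh 1.10.4     # classify a given version string
report "$@"
```

Two caveats before acting on a result of "affected". First, distribution packages backport fixes without changing the base version: RHEL 6 stays at a 1.10.x base after RHSA-2013-0748, so compare the installed package against the vendor advisory listed under References rather than trusting the upstream number alone. Second, the bug lives in the KDC's TGS-REQ path, so the check matters on krb5kdc hosts, not on every machine that has libkrb5 installed.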
References (10)
Third Party Advisory, vendor-advisory, x_refsource_mandriva: http://www.mandriva.com/security/advisories?name=MDVSA-2013:157
Mailing List, Third Party Advisory, vendor-advisory, x_refsource_suse: http://lists.opensuse.org/opensuse-updates/2013-06/msg00041.html
Third Party Advisory, vendor-advisory, x_refsource_mandriva: http://www.mandriva.com/security/advisories?name=MDVSA-2013:158
Third Party Advisory, vendor-advisory, x_refsource_fedora: http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102074.html
Mailing List, Third Party Advisory, vendor-advisory, x_refsource_suse: http://lists.opensuse.org/opensuse-updates/2013-06/msg00102.html
Mailing List, Third Party Advisory, vendor-advisory, x_refsource_suse: http://lists.opensuse.org/opensuse-updates/2013-05/msg00011.html
Third Party Advisory, vendor-advisory, x_refsource_fedora: http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102058.html
Patch, Third Party Advisory, x_refsource_confirm: https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
Vendor Advisory, x_refsource_confirm: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7600
Third Party Advisory, vendor-advisory, x_refsource_redhat: http://rhn.redhat.com/errata/RHSA-2013-0748.html
Scores
EPSS: 0.0227 (percentile 84.8%)
Details
CWE: CWE-476 (NULL Pointer Dereference)
Status: published
Products (12)
fedoraproject/fedora 17
fedoraproject/fedora 18
mit/kerberos_5 < 1.10.5
opensuse/opensuse 11.4
opensuse/opensuse 12.1
opensuse/opensuse 12.2
opensuse/opensuse 12.3
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.4
redhat/enterprise_linux_server 6.0
... and 2 more
Published: Apr 19, 2013
Tracked Since: Feb 18, 2026