[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
Launchpad Bug Tracker
1009422 at bugs.launchpad.net
Tue Jul 31 19:06:26 UTC 2012
** Branch linked: lp:ubuntu/lucid-security/krb5
** Branch linked: lp:ubuntu/natty-security/krb5
** Branch linked: lp:ubuntu/oneiric-security/krb5
** Branch linked: lp:ubuntu/precise-security/krb5
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1009422
Title:
(CVE-2012-1013) krb5 : kadmind denial of service
Status in “krb5” package in Ubuntu:
Fix Released
Status in “krb5” package in Fedora:
Unknown
Bug description:
https://secunia.com/advisories/49346/
Description
A weakness has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error in
the "check_1_6_dummy()" function in src/lib/kadm5/srv/svr_principal.c.
This can be exploited to cause a crash via a create-principal request
containing no password but the KRB5_KDB_DISALLOW_ALL_TIX flag.
Successful exploitation requires an administrator account with
"create" privileges.
The weakness is reported in versions prior to 1.10.2.
Solution
Update to version 1.10.2.
Provided and/or discovered by
Reported by the vendor.
Original Advisory
http://web.mit.edu/kerberos/krb5-1.10/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1009422/+subscriptions
More information about the foundations-bugs
mailing list