[Bug 1009422] Re: (CVE-2012-1013) krb5 : kadmind denial of service
Steve Beattie
sbeattie at ubuntu.com
Tue Jul 31 22:59:15 UTC 2012
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1012
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1014
** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1015
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1009422
Title:
(CVE-2012-1013) krb5 : kadmind denial of service
Status in “krb5” package in Ubuntu:
Fix Released
Status in “krb5” package in Fedora:
Unknown
Bug description:
https://secunia.com/advisories/49346/
Description
A weakness has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereference error in
the "check_1_6_dummy()" function in src/lib/kadm5/srv/svr_principal.c.
This can be exploited to cause a crash via a create-principal request
containing no password but the KRB5_KDB_DISALLOW_ALL_TIX flag.
Successful exploitation requires an administrator account with
"create" privileges.
The weakness is reported in versions prior to 1.10.2.
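The advisory above describes the bug shape only in words: a check that is reached once the KRB5_KDB_DISALLOW_ALL_TIX flag is set, and that then reads the request's password even when the request carried none. The following is an added C model of that shape, written for this page; it is not the krb5 source of check_1_6_dummy(), and the struct, the function names, the dummy-password string and the flag value are all assumptions made for the example. The unsafe variant dereferences the NULL password; the safe variant treats "no password" as "not the legacy dummy" and returns before touching it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed flag value for this model; the real constant is defined in krb5's kdb.h. */
#define KRB5_KDB_DISALLOW_ALL_TIX 0x0040

/* Constructed placeholder for the legacy dummy password the check compares against. */
#define DUMMY_PW "legacy-dummy-pw"

/* Hypothetical create-principal request: the password pointer is NULL when the
 * request carries no password at all. */
struct create_request {
    unsigned long attributes;   /* principal attribute flags */
    const char   *password;     /* NULL if absent */
};

/* Vulnerable shape: once the flag is present, the password is assumed to exist. */
static bool is_legacy_dummy_unsafe(const struct create_request *req)
{
    if (!(req->attributes & KRB5_KDB_DISALLOW_ALL_TIX))
        return false;
    /* NULL pointer dereference when the request has no password. */
    return strcmp(req->password, DUMMY_PW) == 0;
}

/* Hardened shape: a missing password can never match the dummy, so bail out
 * before any dereference. */
static bool is_legacy_dummy_safe(const struct create_request *req)
{
    if (!(req->attributes & KRB5_KDB_DISALLOW_ALL_TIX))
        return false;
    if (req->password == NULL)
        return false;
    return strcmp(req->password, DUMMY_PW) == 0;
}

/* Stand-alone demonstration on the safe variant only; the unsafe one would
 * crash on the first request, which is the advisory's point. */
int main(void)
{
    struct create_request reqs[] = {
        { KRB5_KDB_DISALLOW_ALL_TIX, NULL },        /* flag set, no password */
        { KRB5_KDB_DISALLOW_ALL_TIX, DUMMY_PW },    /* flag set, dummy password */
        { 0,                         NULL },        /* flag clear, no password */
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("request %zu: legacy dummy = %s\n", i,
               is_legacy_dummy_safe(&reqs[i]) ? "yes" : "no");
    return 0;
}
```

The takeaway for reviewers of similar code: any field that a wire request may legitimately omit needs its NULL case handled before the field is passed to string or memory routines, regardless of which other flags are set.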
Solution
Update to version 1.10.2.
Provided and/or discovered by
Reported by the vendor.
Original Advisory
http://web.mit.edu/kerberos/krb5-1.10/