Wind River Support Network

Fixed

CGP5-1210 : Security Advisory - krb5 - CVE-2012-1013

Created: Apr 18, 2013    Updated: Mar 11, 2016
Resolved Date: Jul 18, 2013
Previous ID: LIN3-24751, LIN5-13671
Found In Version: 5.0.1
Fix Version: 5.0.1.6
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1013

Workaround

Unknown

Steps to Reproduce

Unknown
