Wind River Support Network

HomeDefectsCGP5-1216
Fixed

CGP5-1216 : Security Advisory - krb5 - CVE-2013-1416

Created: May 2, 2013    Updated: Mar 11, 2016
Resolved Date: Jul 18, 2013
Previous ID: LIN3-24723, LIN5-13202
Found In Version: 5.0.1
Fix Version: 5.0.1.6
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1416

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online