Wind River Support Network

HomeDefectsLIN7-6627

Fixed

LIN7-6627 : Security Advisory - krb5 - CVE-2016-3120

Created: Aug 14, 2016 Updated: Sep 8, 2018

Resolved Date: Aug 18, 2016

Found In Version: 7.0.0.18

Fix Version: 7.0.0.19

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3120

Other Downloads

Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2016-3120