Please sign in to comment.
KDC TGS-REQ null deref [CVE-2013-1416]
By sending an unusual but valid TGS-REQ, an authenticated remote attacker can cause the KDC process to crash by dereferencing a null pointer. prep_reprocess_req() can cause a null pointer dereference when processing a service principal name. Code in this function can inappropriately pass a null pointer to strlcpy(). Unmodified client software can trivially trigger this vulnerability, but the attacker must have already authenticated and received a valid Kerberos ticket. The vulnerable code was introduced by the implementation of new service principal realm referral functionality in krb5-1.7, but was corrected as a side effect of the KDC refactoring in krb5-1.11. CVSSv2 vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:H/RL:O/RC:C ticket: 7600 (new) version_fixed: 1.10.5 status: resolved
- Loading branch information...