CVE-2012-1014

Severity

90%

Complexity

99%

Confidentiality

141%

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.

CVSS 2.0 Base Score 9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:C).

Overview

First reported 12 years ago

2012-08-06 16:55:00

Last updated 5 years ago

2020-01-21 15:46:00

Affected Software

Mit Kerberos 5 1.10

1.10

Mit Kerberos 5 1.10.1

1.10.1

Mit Kerberos 5 1.10.2

1.10.2

References

openSUSE-SU-2012:0967

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt

Patch, Vendor Advisory

DSA-2518

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.