Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-1416

Published: 19 April 2013

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

Notes

AuthorNote
jdstrand
per Debian, only krb5 releases 1.7 to 1.10 are affected

Priority

Medium

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
hardy Not vulnerable
(1.6.dfsg.3~beta1-2ubuntu1.8)
lucid
Released (1.8.1+dfsg-2ubuntu0.13)
oneiric Ignored
(end of life)
precise
Released (1.10+dfsg~beta1-2ubuntu0.5)
quantal Ignored
(end of life)
raring Ignored
(end of life)
saucy Not vulnerable
(1.10.1+dfsg-6.1ubuntu1)
trusty Not vulnerable
(1.11.3+dfsg-3ubuntu2)
upstream
Released (1.10.1+dfsg-5)
Patches:
upstream: https://github.com/krb5/krb5/commit/8ee70ec63931d1e38567905387ab9b1d45734d81
Binaries built from this source package are in Universe and so are supported by the community.