CVE-2016-3119

Published: 26 March 2016

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

From the Ubuntu security team

It was discovered that Kerberos incorrectly handled certain requests. A remote authenticated attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
Upstream
Released (1.14.2+dfsg-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.14.3+dfsg-2ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.14.3+dfsg-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.14.3+dfsg-2ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1.13.2+dfsg-5ubuntu2.1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.12+dfsg-2ubuntu5.4)
Ubuntu 12.04 ESM (Precise Pangolin) Needed

Patches:
Upstream: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
ratliff kadmind is not supported in core and touch

References