SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   MIT
MIT Kerberos Third-Party KDC Database Module Null Pointer Dereference Lets Remote Users Deny Service
SecurityTracker Alert ID:  1029860
SecurityTracker URL:  http://securitytracker.com/id/1029860
CVE Reference:   CVE-2013-6800   (Links to External Site)
Date:  Mar 4 2014
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 5-1.10.7
Description:   A vulnerability was reported in MIT Kerberos. A remote authenticated user can cause denial of service conditions.

On systems that use a third-party KDC database module, a remote authenticated can send specially crafted data to trigger a null pointer dereference and cause the target KDC service to crash in certain cases.

Impact:   A remote authenticated user can cause the target service to crash.
Solution:   The vendor has issued a fix (1.10.7) [in November 2013].
Vendor URL:  web.mit.edu/kerberos/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 17 2014 (Red Hat Issues Fix) MIT Kerberos Third-Party KDC Database Module Null Pointer Dereference Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 5.
Oct 14 2014 (Red Hat Issues Fix) MIT Kerberos Third-Party KDC Database Module Null Pointer Dereference Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.



 Source Message Contents

Subject:  [oss-security] Re: CVE-2013-6800 is a dup of CVE-2013-1418

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6800
> is the same issue as 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
> 
> (basically the same code fix for the same issue,

The scope of CVE-2013-1418 is this part of
c2ccf4197f697c4ff143b8a786acdd875e70a89d:

  Multi-realm KDC null deref [CVE-2013-1418] ... If a KDC serves
  multiple realms, certain requests can cause setup_server_realm() to
  dereference a null pointer, crashing the KDC.

  CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C


The scope of CVE-2013-6800 is this part of
c2ccf4197f697c4ff143b8a786acdd875e70a89d:

  A related but more minor vulnerability requires authentication to
  exploit, and is only present if a third-party KDC database module can
  dereference a null pointer under certain conditions.


The practical relevance of the second CVE is that, based on the
available information, a KDC apparently can be vulnerable to
CVE-2013-6800 even if the CVE-2013-1418 exploitation conditions are
not met. The vendor's disclosure binds the CVE-2013-1418 ID only to a
subset of the c2ccf4197f697c4ff143b8a786acdd875e70a89d comment. This
was accompanied by a similar binding within third-party references
such as 1026942 in the Red Hat Bugzilla. It is conceivable that
someone would want to track CVE-2013-6800 even if they determined that
CVE-2013-1418 was not relevant to their installation.

In general, even if a single patch could address two distinct types of
attacks, that does not necessarily mean that two CVEs are duplicates.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTFgz+AAoJEKllVAevmvmsg2AIAK3YEISuzaCFszqZIUMc7xTu
c19WulvIAzWTzCplCiYsq/y9y146PKCNSKeYZM9pLx/Nk5kz0m9627YmqCOxbzMx
7xQw0fn5F07/wOn2HFGdh6MxC1J7qGK+2EyBeL6yYdTEY4aNdLNGTZZP5YzQAP7O
yHL7Bh2ko3WWZKZ2f4qTGzRvbN7G5ZDQzTsTYDJUhqQUuvMCnP8NpnTb7qC/RGNH
k+u7lkohA/1gst476tb/uVSAYfwH/8zPkhygC6WlSRwrs3DoP+T6Ycle+6+1hH4z
7dlr1GXmAx989KG6TsjY+gmM9DHAnAOTM9wMA1ext8OWX7a40qVFlhZbQMr+M8Q=
=oIex
-----END PGP SIGNATURE-----
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC