LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

krb5: denial of service

Package(s):krb5 CVE #(s):CVE-2013-1415
Created:March 11, 2013 Updated:March 25, 2013
Description: From the CVE entry:

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

Alerts:
Mageia MGASA-2013-0087 2013-03-09
Fedora FEDORA-2013-3116 2013-03-16
Red Hat RHSA-2013:0656-01 2013-03-18
Scientific Linux SL-krb5-20130318 2013-03-18
CentOS CESA-2013:0656 2013-03-18
Oracle ELSA-2013-0656 2013-03-18
openSUSE openSUSE-SU-2013:0498-1 2013-03-20
Fedora FEDORA-2013-3147 2013-03-22
openSUSE openSUSE-SU-2013:0523-1 2013-03-22
Mandriva MDVSA-2013:042 2013-04-05
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds