CVE-2013-6800

Related Files

Red Hat Security Advisory 2014-1389-02

Posted Oct 14, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1389-02 - Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345

SHA-256 | c2947ddb91d4200d6e969ec8c1740f81beee6d987fb797c219ac8a48d6353a72

Download | Favorite | View

Red Hat Security Advisory 2014-1245-01

Posted Sep 16, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1245-01 - Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4344

SHA-256 | dc9963bd6d74a1f7b5b9eb0c9ad8111607cf554b83071de41c6384916d9f5999

Download | Favorite | View

Ubuntu Security Notice USN-2310-1

Posted Aug 11, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2310-1 - It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2012-1016, CVE-2013-1415, CVE-2013-1416, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345

SHA-256 | 58d3eb1fd12379457b7d374a0622ac5c590760d80a72c972ae312eb6169fd50c

Download | Favorite | View

Gentoo Linux Security Advisory 201312-12

Posted Dec 17, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-12 - Multiple vulnerabilities have been discovered in MIT Kerberos 5, allowing execution of arbitrary code or Denial of Service. Versions less than 1.11.4 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2002-2443, CVE-2012-1014, CVE-2012-1015, CVE-2013-1416, CVE-2013-1417, CVE-2013-1418, CVE-2013-6800

SHA-256 | 2889e0196fe0b9aaeb676d58c3158d721d6a9e4252a764b323f60b1d630fde77

Download | Favorite | View