CVE-2016-3120medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.
References
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html
http://rhn.redhat.com/errata/RHSA-2016-2591.html
http://web.mit.edu/kerberos/krb5-1.13/
http://web.mit.edu/kerberos/krb5-1.14/
http://www.securityfocus.com/bid/92132
http://www.securitytracker.com/id/1036442
https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
Details
Source: MITRE
Published: 2016-08-01
Updated: 2020-01-21
Type: CWE-476
Risk Information
CVSS v2
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 121701 | Photon OS 1.0: Krb5 PHSA-2017-0021 | Nessus | PhotonOS Local Security Checks | high |
| 111870 | Photon OS 1.0: Bindutils / Krb5 / Ruby / Sudo / Zlib PHSA-2017-0021 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 106536 | Debian DLA-1265-1 : krb5 security update | Nessus | Debian Local Security Checks | medium |
| 99836 | EulerOS 2.0 SP1 : krb5 (EulerOS-SA-2016-1076) | Nessus | Huawei Local Security Checks | medium |
| 97023 | Amazon Linux AMI : krb5 (ALAS-2017-793) | Nessus | Amazon Linux Local Security Checks | medium |
| 95842 | Scientific Linux Security Update : krb5 on SL7.x x86_64 (20161103) | Nessus | Scientific Linux Local Security Checks | medium |
| 95337 | CentOS 7 : krb5 (CESA-2016:2591) | Nessus | CentOS Local Security Checks | medium |
| 94712 | Oracle Linux 7 : krb5 (ELSA-2016-2591) | Nessus | Oracle Linux Local Security Checks | medium |
| 94554 | RHEL 7 : krb5 (RHSA-2016:2591) | Nessus | Red Hat Local Security Checks | medium |
| 93393 | openSUSE Security Update : krb5 (openSUSE-2016-1065) | Nessus | SuSE Local Security Checks | medium |
| 93303 | SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2016:2136-1) | Nessus | SuSE Local Security Checks | medium |
| 93266 | Fedora 23 : krb5 (2016-f405b25923) | Nessus | Fedora Local Security Checks | medium |
| 93262 | Fedora 23 : krb5 (2016-4a36663643) | Nessus | Fedora Local Security Checks | medium |
| 92668 | Fedora 24 : krb5 (2016-0674a3c372) | Nessus | Fedora Local Security Checks | medium |
| 92503 | FreeBSD : krb5 -- KDC denial of service vulnerability (62d45229-4fa0-11e6-9d13-206a8a720317) | Nessus | FreeBSD Local Security Checks | medium |