Bug 1361050 (CVE-2016-3120)
Summary: | CVE-2016-3120 krb5: S4U2Self KDC crash when anon is restricted | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | abokovoy, bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dkholia, dosoudil, dpal, fnasser, gzaronik, jason.greene, jawilson, jboss-set, jclere, jdoyle, jplans, jshepherd, j, lgao, mbabacek, myarboro, nalin, npmccallum, pgier, pkis, psakar, pslavice, rharwood, rnetuka, rsvoboda, sardella, slawomir, twalsh, vtunka, weli |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-11-06 04:20:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1361051, 1361504 | ||
Bug Blocks: | 1323912, 1361052 |
Description
Adam Mariš
2016-07-28 09:19:46 UTC
Created krb5 tracking bugs for this issue: Affects: fedora-all [bug 1361051] krb5-1.14.1-8.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. krb5-1.14.3-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. krb5-1.14.3-8.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2591 https://rhn.redhat.com/errata/RHSA-2016-2591.html |