Bug 1361050 (CVE-2016-3120) - CVE-2016-3120 krb5: S4U2Self KDC crash when anon is restricted
Summary: CVE-2016-3120 krb5: S4U2Self KDC crash when anon is restricted
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-3120
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1361051 1361504
Blocks: 1323912 1361052
TreeView+ depends on / blocked
 
Reported: 2016-07-28 09:19 UTC by Adam Mariš
Modified: 2019-12-16 06:13 UTC (History)
37 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true.
Clone Of:
Environment:
Last Closed: 2016-11-06 04:20:17 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2591 0 normal SHIPPED_LIVE Low: krb5 security, bug fix, and enhancement update 2016-11-03 12:10:29 UTC

Description Adam Mariš 2016-07-28 09:19:46 UTC
It was found that in MIT krb5 1.9 and later, an authenticated attacker can cause krb5kdc to dereference a null pointer if the restrict_anonymous_to_tgt option is set to true, by making an S4U2Self request.

Upstream patch:

https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7

Comment 1 Adam Mariš 2016-07-28 09:20:20 UTC
Created krb5 tracking bugs for this issue:

Affects: fedora-all [bug 1361051]

Comment 3 Fedora Update System 2016-08-01 16:23:05 UTC
krb5-1.14.1-8.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2016-08-31 12:21:45 UTC
krb5-1.14.3-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2016-09-01 18:50:23 UTC
krb5-1.14.3-8.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 errata-xmlrpc 2016-11-03 20:25:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2016:2591 https://rhn.redhat.com/errata/RHSA-2016-2591.html


Note You need to log in before you can comment on or make changes to this bug.