Red Hat Bugzilla – Bug 949984
CVE-2013-1416 krb5: NULL pointer dereference (DoS, KDC crash) by processing certain TGS requests
Last modified: 2016-03-04 06:30:41 EST
A NULL pointer dereference flaw was found in the way the key distribution center (KDC) of MIT Kerberos 5, a network authentication system, performed processing of certain ticket-granting service requests (TGS-REQs). A remote authenticated attacker could use this flaw to cause the KDC process to crash (attempting to dereference a NULL pointer).
Relevant upstream patch:
This issue affects the versions of the krb5 package, as shipped with Fedora releases 17 and 18. Please schedule an update.
Created krb5 tracking bugs for this issue
Affects: fedora-all [bug 949987]
This issue did NOT affect the versions of the krb5 package, as shipped with Red Hat Enterprise Linux 4 and 5.
This issue affects the version of the krb5 package, as shipped with Red Hat Enterprise Linux 6.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0748 https://rhn.redhat.com/errata/RHSA-2013-0748.html
krb5-1.10.3-15.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.10.2-10.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Kerberos 5 release 1.10.5 announcement:
Kerberos 5 release 1.9.5 announcement: