CVE-2012-1014

Priority
Medium
Description
The process_as_req function in the Key Distribution Center (KDC) in MIT
Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain
structure member, which allows remote attackers to cause a denial of
service (uninitialized pointer dereference and daemon crash) or possibly
execute arbitrary code via a malformed AS-REQ request.
References
Notes
 sbeattie> krb5 1.10 and newer
 sbeattie> code execution potential probably blocked by glibc
  double-free detection
Assigned-to
sbeattie
Package
Source: krb5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (1.10+dfsg~beta1-2ubuntu0.3)
Patches:
Upstream:http://web.mit.edu/kerberos/advisories/2012-001-patch.txt
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:40:30 UTC (commit 9756)