CVE-2013-6800

Priority
Low
Description
An unspecified third-party database module for the Key Distribution Center
(KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users
to cause a denial of service (NULL pointer dereference and daemon crash)
via a crafted request, a different vulnerability than CVE-2013-1418.
References
Bugs
Notes
mdeslaur> This is a split from CVE-2013-1418 with the same patch
Assigned-to
mdeslaur
Package
Source: krb5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):released (1.8.1+dfsg-2ubuntu0.13)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.10+dfsg~beta1-2ubuntu0.5)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (1.12+dfsg-2ubuntu4)
Ubuntu 14.10 (Utopic Unicorn):not-affected (1.12+dfsg-2ubuntu4)
Patches:
Upstream:https://github.com/krb5/krb5/commit/5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf (1.12)
Upstream:https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d (1.10.7)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-08-11 14:14:45 UTC (commit 8348)