Candidate: CVE-2013-1417
PublicDate: 2013-11-20 14:12:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417
 https://bugzilla.redhat.com/show_bug.cgi?id=1030743
Description:
 do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka
 krb5) 1.11 before 1.11.4, when a single-component realm name is used,
 allows remote authenticated users to cause a denial of service (daemon
 crash) via a TGS-REQ request that triggers an attempted cross-realm
 referral for a host-based service principal.
Ubuntu-Description:
Notes:
 mdeslaur> only 1.11.x
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Tags_krb5: universe-binary
Patches_krb5:
 upstream: https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc
upstream_krb5: released (1.11.4)
lucid_krb5: not-affected (1.8.1+dfsg-2ubuntu0.11)
precise_krb5: not-affected (1.10+dfsg~beta1-2ubuntu0.3)
quantal_krb5: not-affected (1.10.1+dfsg-2)
raring_krb5: not-affected (1.10.1+dfsg-4+nmu1)
saucy_krb5: not-affected (1.10.1+dfsg-6.1ubuntu1)
trusty_krb5: not-affected (1.12+dfsg-2ubuntu4)
trusty/esm_krb5: not-affected (1.12+dfsg-2ubuntu4)
devel_krb5: not-affected (1.12+dfsg-2ubuntu4)