Candidate: CVE-2016-3119
PublicDate: 2016-03-26 01:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119
Description:
 The process_db_args function in
 plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in
 kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through
 1.14.1 mishandles the DB argument, which allows remote authenticated users
 to cause a denial of service (NULL pointer dereference and daemon crash)
 via a crafted request to modify a principal.
Ubuntu-Description:
 It was discovered that Kerberos incorrectly handled certain requests. A
 remote authenticated attacker could possibly use this issue to cause a
 denial of service.
Notes:
 ratliff> kadmind is not supported in core and touch
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H [5.3 MEDIUM]

Patches_krb5:
 upstream: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
Tags_krb5: universe-binary
upstream_krb5: released (1.14.2+dfsg-1)
precise_krb5: ignored (reached end-of-life)
precise/esm_krb5: ignored (end of ESM support, was needed)
trusty_krb5: released (1.12+dfsg-2ubuntu5.4)
trusty/esm_krb5: released (1.12+dfsg-2ubuntu5.4)
vivid/stable-phone-overlay_krb5: ignored
vivid/ubuntu-core_krb5: ignored
wily_krb5: ignored (reached end-of-life)
xenial_krb5: released (1.13.2+dfsg-5ubuntu2.1)
esm-infra/xenial_krb5: released (1.13.2+dfsg-5ubuntu2.1)
yakkety_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
zesty_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
artful_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
bionic_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
cosmic_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
disco_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
eoan_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
focal_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
groovy_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
hirsute_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
devel_krb5: not-affected (1.14.3+dfsg-2ubuntu1)