Vulnerabilities > CVE-2012-1013 - Denial Of Service vulnerability in MIT Kerberos 5 'check_1_6_dummy()' Function NULL Pointer Dereference
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-8784.NASL description This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-14 plugin id 59484 published 2012-06-14 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59484 title Fedora 17 : krb5-1.10-7.fc17 (2012-8784) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-8784. # include("compat.inc"); if (description) { script_id(59484); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-1013"); script_bugtraq_id(53784); script_xref(name:"FEDORA", value:"2012-8784"); script_name(english:"Fedora 17 : krb5-1.10-7.fc17 (2012-8784)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=827517" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082183.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3679fa64" ); script_set_attribute(attribute:"solution", value:"Update the affected krb5 package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:krb5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"krb5-1.10-7.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1131.NASL description Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015) A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the last seen 2020-06-01 modified 2020-06-02 plugin id 67093 published 2013-06-29 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67093 title CentOS 6 : krb5 (CESA-2012:1131) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8803.NASL description This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-14 plugin id 59485 published 2012-06-14 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59485 title Fedora 16 : krb5-1.9.3-2.fc16 (2012-8803) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1131.NASL description From Red Hat Security Advisory 2012:1131 : Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015) A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the last seen 2020-06-01 modified 2020-06-02 plugin id 68589 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68589 title Oracle Linux 6 : krb5 (ELSA-2012-1131) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8805.NASL description This update incorporates the upstream fix to correct a possible NULL pointer dereference in kadmind (CVE-2012-1013). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-14 plugin id 59486 published 2012-06-14 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59486 title Fedora 15 : krb5-1.9.3-2.fc15 (2012-8805) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1131.NASL description Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center (KDC). An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015) A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the last seen 2020-06-01 modified 2020-06-02 plugin id 61377 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61377 title RHEL 6 : krb5 (RHSA-2012:1131) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1520-1.NASL description Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2012-1015) Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1014) Simo Sorce discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference a NULL pointer when handling a malformed TGS-REQ message. A remote authenticated attacker could use this to cause a denial of service. (CVE-2012-1013) It was discovered that the kadmin protocol implementation in MIT krb5 did not properly restrict access to the SET_STRING and GET_STRINGS operations. A remote authenticated attacker could use this to expose or modify sensitive information. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1012). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 61379 published 2012-08-01 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61379 title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : krb5 vulnerabilities (USN-1520-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-102.NASL description A vulnerability has been discovered and corrected in krb5 : Fix a kadmind denial of service issue (NULL pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 59860 published 2012-07-07 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59860 title Mandriva Linux Security Advisory : krb5 (MDVSA-2012:102) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1200.NASL description An updated rhev-hypervisor6 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Multiple errors in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 78931 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78931 title RHEL 6 : rhev-hypervisor6 (RHSA-2012:1200) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-360.NASL description Fixing CVE-2012-1013 (krb5 kadmind denial of service via NULL pointer dereference) last seen 2020-06-05 modified 2014-06-13 plugin id 74662 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74662 title openSUSE Security Update : krb5 (openSUSE-SU-2012:0834-1) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-042.NASL description Multiple vulnerabilities has been discovered and corrected in krb5 : Fix a kadmind denial of service issue (NULL pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013). The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability (CVE-2012-1015). It was reported that the KDC plugin for PKINIT could dereference a NULL pointer when a malformed packet caused processing to terminate early, which led to a crash of the KDC process. An attacker would require a valid PKINIT certificate or have observed a successful PKINIT authentication to execute a successful attack. In addition, an unauthenticated attacker could execute the attack of anonymouse PKINIT was enabled (CVE-2013-1415). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66056 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66056 title Mandriva Linux Security Advisory : krb5 (MDVSA-2013:042) NASL family Scientific Linux Local Security Checks NASL id SL_20120731_KRB5_ON_SL6_X.NASL description Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC). An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015) A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the last seen 2020-03-18 modified 2012-08-03 plugin id 61407 published 2012-08-03 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61407 title Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20120731) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-114.NASL description An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests (AS-REQ). A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially crafted AS-REQ request. (CVE-2012-1015) A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the last seen 2020-06-01 modified 2020-06-02 plugin id 69604 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69604 title Amazon Linux AMI : krb5 (ALAS-2012-114)
Redhat
advisories |
| ||||
rpms |
|
References
- http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7152
- http://mailman.mit.edu/pipermail/kerberos-announce/2012q2/000136.html
- http://rhn.redhat.com/errata/RHSA-2012-1131.html
- http://web.mit.edu/kerberos/krb5-1.10/
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:102
- http://www.securityfocus.com/bid/53784
- https://bugzilla.redhat.com/show_bug.cgi?id=827517
- https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b
- https://hermes.opensuse.org/messages/15083635