Signature Detail
Short Name |
APP:KERBEROS:MIT-KRB5-DOS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
MIT Kerberos 5 KDC pkinit_check_kdc_pkid NULL Pointer Dereference |
Release Date |
2013/04/15 |
Update Number |
2254 |
Supported Platforms |
idp-4.1+, isg-3.5+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: MIT Kerberos 5 KDC pkinit_check_kdc_pkid NULL Pointer Dereference
This signature detects attempts to exploit a known vulnerability against MIT Kerberos 5 KDC Server. A successful attack can result in a denial-of-service condition.
Extended Description
The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.
Affected Products
- mit kerberos 5-1.10
- mit kerberos 5-1.10.1
- mit kerberos 5-1.10.2
- mit kerberos 5-1.11
- mit kerberos up to 5-1.10.3
References
- BugTraq: 58144
- CVE: CVE-2013-1415