CVE-2016-3120 - Vulnerability Details

Vendors	Products
Mit	Kerberos 5
Redhat	Enterprise Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
krb5-0:1.14.1-26.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:2591	2016-11-03T00:00:00Z

Link	Providers
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html
http://rhn.redhat.com/errata/RHSA-2016-2591.html
http://web.mit.edu/kerberos/krb5-1.13/
http://web.mit.edu/kerberos/krb5-1.14/
http://www.securityfocus.com/bid/92132
http://www.securitytracker.com/id/1036442
https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/
https://nvd.nist.gov/vuln/detail/CVE-2016-3120
https://www.cve.org/CVERecord?id=CVE-2016-3120

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"name": "92132", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92132"}, {"name": "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"name": "openSUSE-SU-2016:2268", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"name": "1036442", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036442"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"name": "RHSA-2016:2591", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"name": "FEDORA-2016-0674a3c372", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3120", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7", "refsource": "CONFIRM", "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"name": "92132", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92132"}, {"name": "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"name": "openSUSE-SU-2016:2268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458", "refsource": "CONFIRM", "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"name": "1036442", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036442"}, {"name": "http://web.mit.edu/kerberos/krb5-1.13/", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"name": "RHSA-2016:2591", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"name": "http://web.mit.edu/kerberos/krb5-1.14/", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"name": "FEDORA-2016-0674a3c372", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:47:57.164Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"name": "92132", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92132"}, {"name": "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"name": "openSUSE-SU-2016:2268", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"name": "1036442", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036442"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"name": "RHSA-2016:2591", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"name": "FEDORA-2016-0674a3c372", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3120", "datePublished": "2016-08-01T01:00:00", "dateReserved": "2016-03-11T00:00:00", "dateUpdated": "2024-08-05T23:47:57.164Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-07-20T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-02-02T10:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7 (string)

}

1 : { »

name : 92132 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/92132 (string)

}

2 : { »

name : [debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html (string)

}

3 : { »

name : openSUSE-SU-2016:2268 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 (string)

}

5 : { »

name : 1036442 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1036442 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://web.mit.edu/kerberos/krb5-1.13/ (string)

}

7 : { »

name : RHSA-2016:2591 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-2591.html (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://web.mit.edu/kerberos/krb5-1.14/ (string)

}

9 : { »

name : FEDORA-2016-0674a3c372 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/ (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2016-3120 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7 (string)

refsource : CONFIRM (string)

url : https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7 (string)

}

1 : { »

name : 92132 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/92132 (string)

}

2 : { »

name : [debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update (string)

refsource : MLIST (string)

url : https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html (string)

}

3 : { »

name : openSUSE-SU-2016:2268 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html (string)

}

4 : { »

name : http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 (string)

refsource : CONFIRM (string)

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 (string)

}

5 : { »

name : 1036442 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1036442 (string)

}

6 : { »

name : http://web.mit.edu/kerberos/krb5-1.13/ (string)

refsource : CONFIRM (string)

url : http://web.mit.edu/kerberos/krb5-1.13/ (string)

}

7 : { »

name : RHSA-2016:2591 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-2591.html (string)

}

8 : { »

name : http://web.mit.edu/kerberos/krb5-1.14/ (string)

refsource : CONFIRM (string)

url : http://web.mit.edu/kerberos/krb5-1.14/ (string)

}

9 : { »

name : FEDORA-2016-0674a3c372 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/ (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T23:47:57.164Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7 (string)

}

1 : { »

name : 92132 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/92132 (string)

}

2 : { »

name : [debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html (string)

}

3 : { »

name : openSUSE-SU-2016:2268 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 (string)

}

5 : { »

name : 1036442 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1036442 (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://web.mit.edu/kerberos/krb5-1.13/ (string)

}

7 : { »

name : RHSA-2016:2591 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-2591.html (string)

}

8 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://web.mit.edu/kerberos/krb5-1.14/ (string)

}

9 : { »

name : FEDORA-2016-0674a3c372 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2016-3120 (string)

datePublished : 2016-08-01T01:00:00 (string)

dateReserved : 2016-03-11T00:00:00 (string)

dateUpdated : 2024-08-05T23:47:57.164Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "169D00BD-344F-453C-BE7C-9DF0740080BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "765B3248-A524-4A79-858C-E787C1C1599E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF1BB0AB-2C22-49F9-9D2A-074D2F711BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8EC001E-9507-410D-836F-93002789D574", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC0939BF-9ACB-41A7-9B48-0FBF1176C8CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "0037EF80-A599-4938-889F-9276E339A8E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CABFE58-4811-49EC-8565-35EB7D5F6F4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "6E30B176-1FE5-4C53-8B79-2E6D87DF05B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E650B5A3-99CA-491B-A1FB-259EF548D92E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "091F3C51-980E-482F-9882-0A555A8F74BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request."}, {"lang": "es", "value": "La funci\u00f3n validate_as_request en kdc_util.c en el Key Distribution Center (KDC) en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) en versiones anteriores a 1.13.6 y 1.4.x en versiones anteriores a 1.14.3, cuando restrict_anonymous_to_tgt est\u00e1 activo, utiliza una estructura de datos de clientes incorrecta, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (referencia al puntero NULO y ca\u00edda de daemon) a trav\u00e9s de una petici\u00f3n S4U2Selft."}], "id": "CVE-2016-3120", "lastModified": "2024-11-21T02:49:25.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-01T02:59:12.370", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"source": "cve@mitre.org", "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"source": "cve@mitre.org", "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92132"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036442"}, {"source": "cve@mitre.org", "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:* (string)

matchCriteriaId : 169D00BD-344F-453C-BE7C-9DF0740080BB (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 765B3248-A524-4A79-858C-E787C1C1599E (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:* (string)

matchCriteriaId : BF1BB0AB-2C22-49F9-9D2A-074D2F711BA8 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:* (string)

matchCriteriaId : C8EC001E-9507-410D-836F-93002789D574 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:* (string)

matchCriteriaId : CC0939BF-9ACB-41A7-9B48-0FBF1176C8CB (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 0037EF80-A599-4938-889F-9276E339A8E0 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 1CABFE58-4811-49EC-8565-35EB7D5F6F4C (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:* (string)

matchCriteriaId : 6E30B176-1FE5-4C53-8B79-2E6D87DF05B3 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:* (string)

matchCriteriaId : E650B5A3-99CA-491B-A1FB-259EF548D92E (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 091F3C51-980E-482F-9882-0A555A8F74BC (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. (string)

}

1 : { »

lang : es (string)

value : La función validate_as_request en kdc_util.c en el Key Distribution Center (KDC) en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.6 y 1.4.x en versiones anteriores a 1.14.3, cuando restrict_anonymous_to_tgt está activo, utiliza una estructura de datos de clientes incorrecta, lo que permite a usuarios remotos autenticados provocar una denegación de servicio (referencia al puntero NULO y caída de daemon) a través de una petición S4U2Selft. (string)

}

]

id : CVE-2016-3120 (string)

lastModified : 2024-11-21T02:49:25.300 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:S/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-08-01T02:59:12.370 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

]

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2016-2591.html (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://web.mit.edu/kerberos/krb5-1.13/ (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://web.mit.edu/kerberos/krb5-1.14/ (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/92132 (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://www.securitytracker.com/id/1036442 (string)

}

7 : { »

source : cve@mitre.org (string)

url : https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7 (string)

}

8 : { »

source : cve@mitre.org (string)

url : https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html (string)

}

9 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/ (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

]

url : http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-2591.html (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://web.mit.edu/kerberos/krb5-1.13/ (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://web.mit.edu/kerberos/krb5-1.14/ (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/92132 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1036442 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/ (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-476 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2016:2591", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "krb5-0:1.14.1-26.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}], "bugzilla": {"description": "krb5: S4U2Self KDC crash when anon is restricted", "id": "1361050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361050"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", "A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true."], "name": "CVE-2016-3120", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Web Server 3"}], "public_date": "2016-07-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-3120\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3120"], "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2016:2591 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : krb5-0:1.14.1-26.el7 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2016-11-03T00:00:00Z (string)

}

]

bugzilla : { »

description : krb5: S4U2Self KDC crash when anon is restricted (string)

id : 1361050 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1361050 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 3.5 (string)

cvss_scoring_vector : AV:N/AC:M/Au:S/C:N/I:N/A:P (string)

status : verified (string)

}

cvss3 : { »

cvss3_base_score : 5.3 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

status : verified (string)

}

cwe : CWE-476 (string)

details : [ »

0 : The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request. (string)

1 : A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (string)

]

name : CVE-2016-3120 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : krb5 (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Will not fix (string)

package_name : krb5 (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

2 : { »

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:6 (string)

fix_state : Not affected (string)

package_name : krb5 (string)

product_name : Red Hat JBoss Enterprise Application Platform 6 (string)

}

3 : { »

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:7 (string)

fix_state : Not affected (string)

package_name : krb5 (string)

product_name : Red Hat JBoss Enterprise Application Platform 7 (string)

}

4 : { »

cpe : cpe:/a:redhat:jboss_enterprise_web_server:2 (string)

fix_state : Not affected (string)

package_name : krb5 (string)

product_name : Red Hat JBoss Enterprise Web Server 2 (string)

}

5 : { »

cpe : cpe:/a:redhat:jboss_enterprise_web_server:3 (string)

fix_state : Not affected (string)

package_name : krb5 (string)

product_name : Red Hat JBoss Enterprise Web Server 3 (string)

}

]

public_date : 2016-07-19T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2016-3120 https://nvd.nist.gov/vuln/detail/CVE-2016-3120 (string)

]

threat_severity : Low (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object