{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"name": "92132", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92132"}, {"name": "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"name": "openSUSE-SU-2016:2268", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"name": "1036442", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036442"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"name": "RHSA-2016:2591", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"name": "FEDORA-2016-0674a3c372", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-3120", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7", "refsource": "CONFIRM", "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"name": "92132", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92132"}, {"name": "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"name": "openSUSE-SU-2016:2268", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458", "refsource": "CONFIRM", "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"name": "1036442", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036442"}, {"name": "http://web.mit.edu/kerberos/krb5-1.13/", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"name": "RHSA-2016:2591", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"name": "http://web.mit.edu/kerberos/krb5-1.14/", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"name": "FEDORA-2016-0674a3c372", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:47:57.164Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"name": "92132", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92132"}, {"name": "[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"name": "openSUSE-SU-2016:2268", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"name": "1036442", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036442"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"name": "RHSA-2016:2591", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"name": "FEDORA-2016-0674a3c372", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-3120", "datePublished": "2016-08-01T01:00:00", "dateReserved": "2016-03-11T00:00:00", "dateUpdated": "2024-08-05T23:47:57.164Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "169D00BD-344F-453C-BE7C-9DF0740080BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "765B3248-A524-4A79-858C-E787C1C1599E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "BF1BB0AB-2C22-49F9-9D2A-074D2F711BA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8EC001E-9507-410D-836F-93002789D574", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "CC0939BF-9ACB-41A7-9B48-0FBF1176C8CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "0037EF80-A599-4938-889F-9276E339A8E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "1CABFE58-4811-49EC-8565-35EB7D5F6F4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14:*:*:*:*:*:*:*", "matchCriteriaId": "6E30B176-1FE5-4C53-8B79-2E6D87DF05B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E650B5A3-99CA-491B-A1FB-259EF548D92E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "091F3C51-980E-482F-9882-0A555A8F74BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request."}, {"lang": "es", "value": "La funci\u00f3n validate_as_request en kdc_util.c en el Key Distribution Center (KDC) en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) en versiones anteriores a 1.13.6 y 1.4.x en versiones anteriores a 1.14.3, cuando restrict_anonymous_to_tgt est\u00e1 activo, utiliza una estructura de datos de clientes incorrecta, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (referencia al puntero NULO y ca\u00edda de daemon) a trav\u00e9s de una petici\u00f3n S4U2Selft."}], "id": "CVE-2016-3120", "lastModified": "2023-11-07T02:32:08.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-01T02:59:12.370", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2591.html"}, {"source": "cve@mitre.org", "url": "http://web.mit.edu/kerberos/krb5-1.13/"}, {"source": "cve@mitre.org", "url": "http://web.mit.edu/kerberos/krb5-1.14/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92132"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1036442"}, {"source": "cve@mitre.org", "url": "https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2591", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "krb5-0:1.14.1-26.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-11-03T00:00:00Z"}], "bugzilla": {"description": "krb5: S4U2Self KDC crash when anon is restricted", "id": "1361050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361050"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "status": "verified"}, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", "A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true."], "name": "CVE-2016-3120", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Web Server 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Web Server 3"}], "public_date": "2016-07-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-3120\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3120"], "threat_severity": "Low"}