CVE-2012-1013

Publication date 7 June 2012

Last updated 24 July 2024


Ubuntu priority

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.


Status

Package  Ubuntu Release     Status
krb5     14.04 LTS trusty   Not affected
krb5     13.10 saucy        Not affected
krb5     13.04 raring       Not affected
krb5     12.10 quantal      Ignored (end of life)
krb5     12.04 LTS precise  Fixed 1.10+dfsg~beta1-2ubuntu0.3
krb5     11.10 oneiric      Fixed 1.9.1+dfsg-1ubuntu2.3
krb5     11.04 natty        Fixed 1.8.3+dfsg-5ubuntu2.3
krb5     10.04 LTS lucid    Fixed 1.8.1+dfsg-2ubuntu0.11
krb5     8.04 LTS hardy     Ignored (end of life)

Notes


sbeattie

can only be triggered by authenticated clients with admin privileges

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
krb5