CVE-2013-1415

Publication date 5 March 2013

Last updated 24 July 2024


Ubuntu priority

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.

Status

Package Ubuntu Release Status
krb5 14.04 LTS trusty
Not affected
13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal Ignored end of life
12.04 LTS precise
Fixed 1.10+dfsg~beta1-2ubuntu0.5
11.10 oneiric Ignored end of life
10.04 LTS lucid
Fixed 1.8.1+dfsg-2ubuntu0.13
8.04 LTS hardy Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
krb5

References

Related Ubuntu Security Notices (USN)

    • USN-2310-1
    • Kerberos vulnerabilities
    • 11 August 2014

Other references