Ubuntu Security Notice 2310-1 - It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.
58d3eb1fd12379457b7d374a0622ac5c590760d80a72c972ae312eb6169fd50c
Red Hat Security Advisory 2013-0656-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center. When a client attempts to use PKINIT to obtain credentials from the KDC, the client can specify, using an issuer and serial number, which of the KDC's possibly many certificates the client has in its possession, as a hint to the KDC that it should use the corresponding key to sign its response. If that specification was malformed, the KDC could attempt to dereference a NULL pointer and crash.
ae64f0d8660d8e70b0f6e87ef8c95b8e6cb89169331fdb488630f43097332517