CVE-2013-1416

描述

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

受影響套件(1)

• Debian/krb5from 0, < 1.10.1+dfsg-5

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-1416