CVE-2012-1016 in Kerberos

Summary

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.

Reservation

02/07/2012

Disclosure

03/04/2013

Status

Confirmed

Entries

1
