SB2016080111 - NULL pointer dereference in web.mit.edu krb5
Published: August 1, 2016 Updated: July 28, 2020
Security Bulletin ID
SB2016080111
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2016-3120)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an S4U2Self request.
Remediation
Install update from vendor's website.
References
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
- http://lists.opensuse.org/opensuse-updates/2016-09/msg00035.html
- http://rhn.redhat.com/errata/RHSA-2016-2591.html
- http://web.mit.edu/kerberos/krb5-1.13/
- http://web.mit.edu/kerberos/krb5-1.14/
- http://www.securityfocus.com/bid/92132
- http://www.securitytracker.com/id/1036442
- https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
- https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AWL3KYFRJIX37EAM4DKCQQIQP2WBKL35/