#VU33628 Input validation error - CVE-2016-3119

Cybersecurity Help s.r.o.

Published: 2016-03-26 | Updated: 2020-08-04

Vulnerability identifier: #VU33628

Vulnerability risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-3119

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Description

The vulnerability allows remote authenticated users to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links
https://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html
https://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html
https://rhn.redhat.com/errata/RHSA-2016-2591.html
https://www.securityfocus.com/bid/85392
https://www.securitytracker.com/id/1035399
https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for krb5

Red Hat Enterprise Linux 7 update for krb5

Input validation error in krb5 (Alpine package)

Fedora 24 update for krb5

Fedora 23 update for krb5

Fedora 22 update for krb5