#VU56828 NULL pointer dereference in Kerberos 5


Published: 2021-09-22 | Updated: 2022-03-15

Vulnerability identifier: #VU56828

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37750

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Kerberos 5
Client/Desktop applications / Software for system administration

Vendor: MIT

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Key Distribution Center (KDC) in kdc/do_tgs_req.c. A remote user can pass specially crafted data via the FAST inner body that lacks a server field, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Kerberos 5: 1.18 - 1.19.2

External links
http://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Multiple vulnerabilities in Dell PowerProtect Cyber Recovery
VMware Tanzu products update for Kerberos
Ubuntu update for krb5
SUSE update for krb5
Multiple vulnerabilities in Juniper Networks Session Smart Router
Denial of service in PowerSC
Multiple vulnerabilities in Red Hat Service Telemetry Framework
Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Slice Selection Function
Multiple vulnerabilities in Junos Space