Vigil@nce - MIT krb5: NULL pointer dereference via KDC multiple realms
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can dereference a NULL pointer in KDC of MIT krb5, in
order to trigger a denial of service.
– Impacted products: MIT krb5
– Severity: 2/4
– Creation date: 19/11/2013
DESCRIPTION OF THE VULNERABILITY
The MIT krb5 product implements a Kerberos KDC (Key Distribution
Center).
However, if the KDC serves several realms, it does not check if
the pointer is NULL, before using it.
An attacker can therefore dereference a NULL pointer in KDC of MIT
krb5, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/MIT-krb5-NULL-pointer-dereference-via-KDC-multiple-realms-13794