{ "threat_severity" : "Low", "public_date" : "2016-03-14T00:00:00Z", "bugzilla" : { "description" : "krb5: null pointer dereference in kadmin", "id" : "1319616", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1319616" }, "cvss" : { "cvss_base_score" : "2.1", "cvss_scoring_vector" : "AV:N/AC:H/Au:S/C:N/I:N/A:P", "status" : "verified" }, "cwe" : "CWE-476", "details" : [ "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", "A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2016-11-03T00:00:00Z", "advisory" : "RHSA-2016:2591", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "krb5-0:1.14.1-26.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Will not fix", "package_name" : "krb5", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "krb5", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat JBoss Enterprise Web Server 2", "fix_state" : "Not affected", "package_name" : "krb5", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-3119\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3119" ], "name" : "CVE-2016-3119", "csaw" : false }