An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The standard library function strlen is called with a NULL string argument in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
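The following is an added illustration of the bug class described above, not code from krb5 or from ldap_principal2.c: a request field that an authenticated client may omit is passed straight to strlen(), and the hardened variant reports the missing field as an error instead of dereferencing it. The function names, the `struct request` layout and the sample field values are all constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not krb5 source. Vulnerable pattern: a string
 * taken from a client request goes to strlen() with no NULL check, so
 * an absent field crashes the server process. */
size_t attr_length_unchecked(const char *attr)
{
    return strlen(attr); /* NULL pointer dereference if attr == NULL */
}

/* Hardened variant: NULL (field not supplied) is a reportable error,
 * never a dereference. Returns 0 on success, -1 on invalid input. */
int attr_length_checked(const char *attr, size_t *len_out)
{
    if (attr == NULL || len_out == NULL)
        return -1;
    *len_out = strlen(attr);
    return 0;
}

/* Simulated request fields as they might arrive from an untrusted
 * client. Constructed sample layout, not the real kadmin protocol. */
struct request {
    const char *principal; /* NULL if the client omitted the field */
    const char *attribute; /* NULL if the client omitted the field */
};

/* Validate every field before any string handling touches it.
 * Returns 1 if the request is well-formed, 0 if it must be rejected. */
int request_is_wellformed(const struct request *req)
{
    size_t n;

    if (req == NULL)
        return 0;
    /* principal is required and must be non-empty */
    if (attr_length_checked(req->principal, &n) != 0 || n == 0)
        return 0;
    /* attribute must be present (empty is acceptable here) */
    if (attr_length_checked(req->attribute, &n) != 0)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample requests */
    struct request good = { "alice@EXAMPLE.COM", "admin" };
    struct request bad  = { NULL, "admin" };

    printf("well-formed request accepted: %d\n", request_is_wellformed(&good));
    printf("request with NULL principal rejected: %d\n",
           request_is_wellformed(&bad) == 0);
    return 0;
}
```

The defensive point is that validation happens at the boundary where the data enters (request_is_wellformed), so a single missing field turns into a rejected request rather than a crash of the whole KDC; a fuzz harness or unit test that feeds NULL into every optional field is the quickest way to catch the unchecked variant before it ships.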
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kerberos | Mit | * | 5-1.16 (including) |
Krb5 | Ubuntu | artful | * |
Krb5 | Ubuntu | bionic | * |
Krb5 | Ubuntu | cosmic | * |
Krb5 | Ubuntu | esm-infra/xenial | * |
Krb5 | Ubuntu | precise/esm | * |
Krb5 | Ubuntu | trusty | * |
Krb5 | Ubuntu | trusty/esm | * |
Krb5 | Ubuntu | upstream | * |
Krb5 | Ubuntu | xenial | * |