Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2016-3119

Disclosure Date: March 26, 2016 •

CVE-2016-3119 CVSS v3 Base Score: 5.3

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.3 Medium

Impact Score:

3.6

Exploitability Score:

1.6

Vector:

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

mit,
opensuse

Products

kerberos 5 1.0,
kerberos 5 1.0.6,
kerberos 5 1.1,
kerberos 5 1.1.1,
kerberos 5 1.10,
kerberos 5 1.10.1,
kerberos 5 1.10.2,
kerberos 5 1.10.3,
kerberos 5 1.10.4,
kerberos 5 1.11,
kerberos 5 1.11.1,
kerberos 5 1.11.2,
kerberos 5 1.11.3,
kerberos 5 1.11.4,
kerberos 5 1.11.5,
kerberos 5 1.12,
kerberos 5 1.12.1,
kerberos 5 1.12.2,
kerberos 5 1.12.3,
kerberos 5 1.13,
kerberos 5 1.13.1,
kerberos 5 1.13.2,
kerberos 5 1.13.3,
kerberos 5 1.13.4,
kerberos 5 1.14,
kerberos 5 1.14.0,
kerberos 5 1.14.1,
kerberos 5 1.2,
kerberos 5 1.2.1,
kerberos 5 1.2.2,
kerberos 5 1.2.3,
kerberos 5 1.2.4,
kerberos 5 1.2.5,
kerberos 5 1.2.6,
kerberos 5 1.2.7,
kerberos 5 1.2.8,
kerberos 5 1.3,
kerberos 5 1.3.1,
kerberos 5 1.3.2,
kerberos 5 1.3.3,
kerberos 5 1.3.4,
kerberos 5 1.3.5,
kerberos 5 1.3.6,
kerberos 5 1.4,
kerberos 5 1.4.1,
kerberos 5 1.4.2,
kerberos 5 1.4.3,
kerberos 5 1.4.4,
kerberos 5 1.5,
kerberos 5 1.5.1,
kerberos 5 1.5.2,
kerberos 5 1.5.3,
kerberos 5 1.6,
kerberos 5 1.6.1,
kerberos 5 1.6.2,
kerberos 5 1.7,
kerberos 5 1.7.1,
kerberos 5 1.8,
kerberos 5 1.8.1,
kerberos 5 1.8.2,
kerberos 5 1.8.3,
kerberos 5 1.8.4,
kerberos 5 1.8.5,
kerberos 5 1.8.6,
kerberos 5 1.9,
kerberos 5 1.9.1,
kerberos 5 1.9.2,
kerberos 5 1.9.3,
kerberos 5 1.9.4,
leap 42.1,
opensuse 13.2

References

Canonical

CVE-2016-3119 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119)

BID-85392 (http://www.securityfocus.com/bid/85392)

Advisory

http://lists.opensuse.org/opensuse-updates/2016-04/msg00055.html

[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update (https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html)

SECTRACK-1035399 (http://www.securitytracker.com/id/1035399)

http://lists.opensuse.org/opensuse-updates/2016-04/msg00007.html

http://rhn.redhat.com/errata/RHSA-2016-2591.html

https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99

Rapid7

Unknown

CVE-2016-3119

Unknown

Unknown

None

Low

Network

CVE-2016-3119

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2016-3119

Unknown

Unknown

None

Low

Network

CVE-2016-3119

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification