• HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

    CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

    Vulnerability Summary for CVE-2016-3119

     

    Original release date: 03/25/2016

    Last revised: 03/28/2016

    Source: US-CERT/NIST

     

    Overview

    The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

     

    Description

    CWE-476: NULL Pointer Dereference

     

    Impact

    CVSS Severity (version 3.0):

    CVSS v3 Base Score: 5.3 Medium

    Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

    Impact Score: 3.6

    Exploitability Score: 1.6

     

    CVSS Version 3 Metrics:

    Attack Vector (AV): Network

    Attack Complexity (AC): High

    Privileges Required (PR): Low

    User Interaction (UI): None

    Scope (S): Unchanged

    Confidentiality (C): None

    Integrity (I): None

    Availability (A): High

     

    CVSS Severity (version 2.0):

    CVSS v2 Base Score: 3.5 LOW

    Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P) (legend)

    Impact Subscore: 2.9

    Exploitability Subscore: 6.8

     

    CVSS Version 2 Metrics:

    Access Vector: Network exploitable

    Access Complexity: Medium

    Authentication: Required to exploit

    Impact Type: Allows disruption of service

     

    References to Advisories, Solutions, and Tools

    By selecting these links, you will be leaving Trojan Horse Security's webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. Trojan Horse Security does not necessarily endorse the views expressed, or concur with the facts presented on these sites or accuracy. Trojan Horse Security will not be held responsible or liable for any reason Further, Trojan Horse Security does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to ContactUs@TrojanHorseSecurity.com

     

    External Source: CONFIRM

    Name: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99

    Type: Patch Information

    Hyperlink: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99

     

    Vulnerable software and versions

    + Configuration 1+ OR* cpe:/a:mit:kerberos:5-1.13.3

    * cpe:/a:mit:kerberos:5-1.14.0* cpe:/a:mit:kerberos:5-1.13.4

    * cpe:/a:mit:kerberos:5_1.3.3

    * cpe:/a:mit:kerberos:5_1.2:beta2

    * cpe:/a:mit:kerberos:5_1.2:beta1

    * cpe:/a:mit:kerberos:5_1.1.1

    * cpe:/a:mit:kerberos:5_1.1

    * cpe:/a:mit:kerberos:5_1.0.6

    * cpe:/a:mit:kerberos:5_1.0

    * cpe:/a:mit:kerberos:5-1.9.4

    * cpe:/a:mit:kerberos:5-1.9.3

    * cpe:/a:mit:kerberos:5-1.9.2

    * cpe:/a:mit:kerberos:5-1.9.1

    * cpe:/a:mit:kerberos:5-1.9

    * cpe:/a:mit:kerberos:5-1.8.6

    * cpe:/a:mit:kerberos:5-1.8.5

    * cpe:/a:mit:kerberos:5-1.8.4

    * cpe:/a:mit:kerberos:5-1.8.3

    * cpe:/a:mit:kerberos:5-1.8.2

    * cpe:/a:mit:kerberos:5-1.8.1

    * cpe:/a:mit:kerberos:5-1.8

    * cpe:/a:mit:kerberos:5-1.7.1

    * cpe:/a:mit:kerberos:5-1.7

    * cpe:/a:mit:kerberos:5-1.6.2

    * cpe:/a:mit:kerberos:5-1.6.1

    * cpe:/a:mit:kerberos:5-1.6

    * cpe:/a:mit:kerberos:5-1.5.3

    * cpe:/a:mit:kerberos:5-1.5.2

    * cpe:/a:mit:kerberos:5-1.5.1

    * cpe:/a:mit:kerberos:5-1.5

    * cpe:/a:mit:kerberos:5-1.4.4

    * cpe:/a:mit:kerberos:5-1.4.3

    * cpe:/a:mit:kerberos:5-1.4.2

    * cpe:/a:mit:kerberos:5-1.4.1

    * cpe:/a:mit:kerberos:5-1.4

    * cpe:/a:mit:kerberos:5-1.3.6

    * cpe:/a:mit:kerberos:5-1.3.5

    * cpe:/a:mit:kerberos:5-1.3.4

    * cpe:/a:mit:kerberos:5-1.3.3

    * cpe:/a:mit:kerberos:5-1.3.2

    * cpe:/a:mit:kerberos:5-1.3.1

    * cpe:/a:mit:kerberos:5-1.3:alpha1

    * cpe:/a:mit:kerberos:5-1.3

    * cpe:/a:mit:kerberos:5-1.2.8

    * cpe:/a:mit:kerberos:5-1.2.7

    * cpe:/a:mit:kerberos:5-1.2.6

    * cpe:/a:mit:kerberos:5-1.2.5

    * cpe:/a:mit:kerberos:5-1.2.4

    * cpe:/a:mit:kerberos:5-1.2.3

    * cpe:/a:mit:kerberos:5-1.2.2

    * cpe:/a:mit:kerberos:5-1.2.1

    * cpe:/a:mit:kerberos:5-1.2

    * cpe:/a:mit:kerberos:5-1.14:beta2

    * cpe:/a:mit:kerberos:5-1.14:beta1

    * cpe:/a:mit:kerberos:5-1.14:alpha1

    * cpe:/a:mit:kerberos:5-1.14.1

    * cpe:/a:mit:kerberos:5-1.13.2

    * cpe:/a:mit:kerberos:5-1.13.1

    * cpe:/a:mit:kerberos:5-1.13

    * cpe:/a:mit:kerberos:5-1.12.3

    * cpe:/a:mit:kerberos:5-1.12.2

    * cpe:/a:mit:kerberos:5-1.12.1

    * cpe:/a:mit:kerberos:5-1.12

    * cpe:/a:mit:kerberos:5-1.11.5

    * cpe:/a:mit:kerberos:5-1.11.4

    * cpe:/a:mit:kerberos:5-1.11.3

    * cpe:/a:mit:kerberos:5-1.11.2

    * cpe:/a:mit:kerberos:5-1.11.1

    * cpe:/a:mit:kerberos:5-1.11

    * cpe:/a:mit:kerberos:5-1.10.4

    * cpe:/a:mit:kerberos:5-1.10.3

    * cpe:/a:mit:kerberos:5-1.10.2

    * cpe:/a:mit:kerberos:5-1.10.1

    * cpe:/a:mit:kerberos:5-1.10* cpe:/a:mit:kerberos:5-1.1

     

    * Denotes Vulnerable Software
    Changes related to vulnerability configurations

     

    Technical Details

    Vulnerability Type (View All)

    • Other (NVD-CWE-Other)

    CVE Standard Vulnerability Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119

     

    Changes >>>

     

     

     

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnerability Database

    2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

    ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

     

    • s-linkedin
    • s-facebook
    • Google Metallic
    • YouTube Metallic
    • Pinterest Metallic
    • s-tbird

    © 2020  TROJAN HORSE SECURITY INC

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More