It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request.
NOTE: The following CVSS v2.0 metrics and score are preliminary and subject to review.
| Base Score: | 4.3 | Base Metrics: | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector: | Network | Attack Complexity: | Medium |
| Authentication: | None required | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | Partial |

| Oracle Linux version 5 (krb5) | ELSA-2014-1245 | 2014-09-17 |
| Oracle Linux version 6 (krb5) | ELSA-2014-1389 | 2014-10-15 |
| Oracle VM version 3.3 (krb5) | OVMSA-2014-0034 | 2014-11-03 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.