Vulnerability Details : CVE-2012-1014
The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.
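The bug class the description names, as an added illustration in C written for this page (it is not krb5's code; the struct, function and message names are hypothetical and the decoder is a stand-in): a per-request state struct whose members are left indeterminate, with a cleanup routine that runs on the early failure path, beside the hardened shape that zero-initializes the state before any path can fail. The only real detail borrowed is that an AS-REQ is DER-tagged [APPLICATION 10], so its first byte is 0x6a; the sample messages are constructed.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdlib.h>
#include <string.h>

/* Constructed per-request state, standing in for the KDC's request state.
 * Names are illustrative, not krb5's own identifiers. */
struct as_req_state {
    char *client;     /* set only after the request decodes successfully */
    char *realm;
};

/* Stand-in decoder. A well-formed AS-REQ starts with the DER tag 0x6a
 * ([APPLICATION 10]); anything else is treated as malformed here.
 * Returns 0 on success, -1 on failure. On failure *st is never written. */
static int decode_as_req(const unsigned char *msg, size_t len,
                         struct as_req_state *st)
{
    if (len == 0 || msg[0] != 0x6a)
        return -1;                 /* early failure: st untouched */
    st->client = strdup("client");
    st->realm  = strdup("EXAMPLE.COM");
    return (st->client && st->realm) ? 0 : -1;
}

/* Shared cleanup. free(NULL) is a no-op, so this is safe on a
 * zero-initialized state but not on an indeterminate one. */
static void as_req_state_cleanup(struct as_req_state *st)
{
    free(st->client);
    free(st->realm);
}

/* Vulnerable shape: the struct is declared but not initialized, and cleanup
 * runs regardless of the decode result. On a malformed request the decoder
 * returns before assigning the members, so free() receives whatever bytes
 * happened to be on the stack: undefined behaviour, typically a heap crash.
 * Only ever call this with well-formed input. */
int process_as_req_vulnerable(const unsigned char *msg, size_t len)
{
    struct as_req_state st;        /* BUG: members indeterminate */
    int rc = decode_as_req(msg, len, &st);
    as_req_state_cleanup(&st);     /* frees garbage when rc != 0 */
    return rc;
}

/* Hardened shape: zero-initialize before any code path can fail, so
 * cleanup after an early failure only ever sees NULL pointers. */
int process_as_req_fixed(const unsigned char *msg, size_t len)
{
    struct as_req_state st = {0};
    int rc = decode_as_req(msg, len, &st);
    as_req_state_cleanup(&st);     /* safe: NULL or owned pointers only */
    return rc;
}

/* Constructed sample messages: a well-formed first byte and a malformed one. */
static const unsigned char good_msg[] = { 0x6a, 0x00 };
static const unsigned char bad_msg[]  = { 0x30, 0x00 };

int main(void)
{
    int ok  = process_as_req_fixed(good_msg, sizeof good_msg);
    int bad = process_as_req_fixed(bad_msg, sizeof bad_msg);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

The fix pattern is the same one the description implies: every member that a cleanup path may free or dereference must be initialized before the first point at which processing can bail out, and the cleanup itself must tolerate partially built state. Compiling the vulnerable function with -fsanitize=address and feeding it bad_msg is the quickest way to see the class of failure on a test host; the block above deliberately never does that.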
Vulnerability category: Execute code; Denial of service
Products affected by CVE-2012-1014
- cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*
Only the 1.10.x series before 1.10.3 is listed; 1.10.3 carries the fix.
Exploit prediction scoring system (EPSS) score for CVE-2012-1014
EPSS score: 6.02% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~93% (proportion of all scored vulnerabilities with a score at or below this one)
CVSS scores for CVE-2012-1014
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:C | 10.0 | 8.5 | NIST | |
The vector is CVSS v2: network-reachable, low attack complexity, no authentication required, partial confidentiality and integrity impact, complete availability impact (the KDC daemon crashes).
References for CVE-2012-1014
- http://lists.opensuse.org/opensuse-updates/2012-08/msg00016.html (openSUSE-SU-2012:0967-1: moderate: krb5: fixed several potential code ex)
- http://www.debian.org/security/2012/dsa-2518 (Debian Security Information: DSA-2518-1 krb5)
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt (MIT vendor advisory; patch)