CVE-2016-3119

Impact:
Low
Public Date:
2016-03-14
CWE:
CWE-476
Bugzilla:
1319616: CVE-2016-3119 krb5: null pointer dereference in kadmin
A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module.

Find out more about CVE-2016-3119 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 2.1
Base Metrics AV:N/AC:H/Au:S/C:N/I:N/A:P
Access Vector Network
Access Complexity High
Authentication Single
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (krb5) RHSA-2016:2591 2016-11-03

Affected Packages State

Platform Package State
Red Hat JBoss EWS 2 krb5 Not affected
Red Hat Enterprise Linux 6 krb5 Will not fix
Red Hat Enterprise Linux 5 krb5 Will not fix

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.