← Back to CVEs

CVE-2013-1417

N/A

Description

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

CVE Details

CVSS v3.1 ScoreN/A

Published11/20/2013

Last Modified4/29/2026

Sourcenvd

Honeypot Sightings0

Affected Products

mit:kerberos_5

Weaknesses (CWE)

CWE-20

References

http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html(cve@mitre.org)

http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt(cve@mitre.org)

https://bugzilla.redhat.com/show_bug.cgi?id=1030743(cve@mitre.org)

https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc(cve@mitre.org)

http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html(af854a3a-2127-422b-91ae-364da2661108)

http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.redhat.com/show_bug.cgi?id=1030743(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.