CVE-2016-3120

Public on 2016-08-01
Modified on 2017-02-06
Description
A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true.
Severity
Low severity
Low
See what this means
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 krb5 2017-02-06 ALAS-2017-793 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 3.5 AV:N/AC:M/Au:S/C:N/I:N/A:P
Amazon Linux CVSSv3 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv2 4.0 AV:N/AC:L/Au:S/C:N/I:N/A:P
NVD CVSSv3 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2016-3120 Mitre: CVE-2016-3120