SB2016091423 - NULL pointer dereference in krb5 (Alpine package)
Published: September 14, 2016
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2016-3120)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via an S4U2Self request.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=291bdb084aa8137594ea6e32a91d1006ae0152a0
- https://git.alpinelinux.org/aports/commit/?id=d6cac5661df8d1c9fa2cdae9942cd6f274712d7f
- https://git.alpinelinux.org/aports/commit/?id=5dfc3609c83443f92ad4f2deb320e2e4e8a711bd
- https://git.alpinelinux.org/aports/commit/?id=b1878b63835be923fb98d72c7ee9ad294dad20c5