Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MIT Kerberos 5 输入验证漏洞
Vulnerability Description
MIT Kerberos 5(又名krb5)是美国麻省理工学院(MIT)开发的一套网络认证协议。Key Distribution Center(KDC,密钥分发中心)是一种运行在物理安全服务器上的服务,它包含了一个密钥数据库,主要为两个实体间的通信产生一个会话密钥,加密他们之间的交互信息。 MIT Kerberos 5 1.11.4之前的1.11版本中的KDC服务中的do_tgs_req.c文件中存在安全漏洞。远程经过授权的攻击者可通过发送TGS-REQ请求利用该漏洞造成拒绝服务(守护进程崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A