What is CVE-2016-3119?

CVE-2016-3119 is a medium-severity vulnerability in Mit Kerberos_5. CVSS score: 5.3/10. Published 2016-03-26.

How severe is CVE-2016-3119?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Mit Kerberos_5

CVE-2016-3119

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenti…

EPSS: 0.102 (93.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Mit Kerberos_5 — versions 1.0, 1.0.6, 1.1
Opensuse Leap — versions 42.1
Opensuse — versions 13.2
N/a — versions n/a

References

openSUSE-SU-2016:1072 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update (mailing-list, x_refsource_MLIST)
1035399 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
openSUSE-SU-2016:0947 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
RHSA-2016:2591 (x_refsource_REDHAT, vendor-advisory)
85392 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Patch)

Frequently asked questions

What is CVE-2016-3119?: CVE-2016-3119 is a medium-severity vulnerability in Mit Kerberos_5. CVSS score: 5.3/10. Published 2016-03-26.
How severe is CVE-2016-3119?: Medium severity. CVSS v3 base score is 5.3 out of 10.