VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 6, 2012· Updated Apr 29, 2026

CVE-2012-1015

CVE-2012-1015

Description

The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Mit/Kerberos 512 versions
    cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*
    • (no CPE)range: 1.8.x, <1.9.5, <1.10.3

Patches

Vulnerability mechanics

Root cause

"Missing validation of key type before checksum calculation allows freeing an uninitialized pointer."

Attack vector

An unauthenticated remote attacker sends a crafted AS-REQ request to the KDC. The `kdc_handle_protected_negotiation` function attempts to calculate a checksum without first verifying that the key type is appropriate for that checksum operation [CWE-20]. This causes the KDC to free an uninitialized pointer, corrupting the process heap and potentially leading to arbitrary code execution or a denial-of-service crash [ref_id=1].

Affected code

The vulnerability resides in the `kdc_handle_protected_negotiation` function within the KDC component of MIT Kerberos 5 (krb5). Affected versions are 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 [ref_id=1].

What the fix does

The advisory does not include a patch diff, but the recommended remediation is to upgrade to krb5 1.9.5 or 1.10.3, or apply the official patch provided by MIT [ref_id=1]. The fix ensures that the KDC validates the key type is appropriate for the checksum operation before computing the checksum, preventing the uninitialized pointer from being freed [CWE-20].

Preconditions

  • authNo authentication required; the attacker can be unauthenticated and remote.
  • networkThe attacker must be able to send a crafted AS-REQ to the KDC over the network.
  • configThe KDC must be running an affected version of MIT krb5 (1.8.x, 1.9.x before 1.9.5, or 1.10.x before 1.10.3).

Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.