oss-sec mailing list archives
Re: CVE-2013-6800 is a dup of CVE-2013-1418
From: cve-assign () mitre org
Date: Tue, 4 Mar 2014 12:35:06 -0500 (EST)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6800 is the same issue as http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418 (basically the same code fix for the same issue,
The scope of CVE-2013-1418 is this part of c2ccf4197f697c4ff143b8a786acdd875e70a89d:

    Multi-realm KDC null deref [CVE-2013-1418]
    ...
    If a KDC serves multiple realms, certain requests can cause
    setup_server_realm() to dereference a null pointer, crashing the KDC.
    CVSSv2: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

The scope of CVE-2013-6800 is this part of c2ccf4197f697c4ff143b8a786acdd875e70a89d:

    A related but more minor vulnerability requires authentication to
    exploit, and is only present if a third-party KDC database module can
    dereference a null pointer under certain conditions.

The practical relevance of the second CVE is that, based on the available information, a KDC apparently can be vulnerable to CVE-2013-6800 even if the CVE-2013-1418 exploitation conditions are not met.

The vendor's disclosure binds the CVE-2013-1418 ID only to a subset of the c2ccf4197f697c4ff143b8a786acdd875e70a89d comment. This was accompanied by a similar binding within third-party references such as 1026942 in the Red Hat Bugzilla. It is conceivable that someone would want to track CVE-2013-6800 even if they determined that CVE-2013-1418 was not relevant to their installation.

In general, even if a single patch could address two distinct types of attacks, that does not necessarily mean that two CVEs are duplicates.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE-2013-6800 is a dup of CVE-2013-1418 Marcus Meissner (Mar 04)
- Re: CVE-2013-6800 is a dup of CVE-2013-1418 cve-assign (Mar 04)