CVE-2009-3295

Severity

50%

Complexity

99%

Confidentiality

48%

The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.

The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 15 years ago

2009-12-29 20:41:00

Last updated 5 years ago

2020-01-21 15:45:00

Affected Software

Mit Kerberos 5 1.7

1.7

References

37977

Vendor Advisory

1023392

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt

Patch, Vendor Advisory

20091228 MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing

37486

Patch

ADV-2009-3652

Patch, Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.