CVE-2010-0628

Severity

50%

Complexity

99%

Confidentiality

48%

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Mit Kerberos 5

First reported 14 years ago

2010-03-25 22:30:00

Last updated 5 years ago

2020-01-21 15:45:00

Affected Software

Mit Kerberos 5 1.7

1.7

Mit Kerberos 5 1.7.1

1.7.1

Mit Kerberos 5 1.8

1.8

References

39023

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt

VU#839413

US Government Resource

20100323 MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]

38904

Patch

USN-916-1

https://bugzilla.redhat.com/show_bug.cgi?id=566258

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.