CVE-2010-0629

Severity

40%

Complexity

80%

Confidentiality

48%

Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt 'AFFECTED SOFTWARE ================= * kadmind in MIT releases krb5-1.5 through krb5-1.6.3.'

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt 'AFFECTED SOFTWARE ================= * kadmind in MIT releases krb5-1.5 through krb5-1.6.3.'

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P).

Overview

Type

Mit Kerberos 5

First reported 14 years ago

2010-04-07 15:30:00

Last updated 5 years ago

2020-01-21 15:45:00

Affected Software

Mit Kerberos 5 1.5

1.5

Mit Kerberos 5 1.5.1

1.5.1

Mit Kerberos 5 1.5.2

1.5.2

Mit Kerberos 5 1.5.3

1.5.3

Mit Kerberos 5 1.6

1.6

Mit Kerberos 5 1.6.1

1.6.1

Mit Kerberos 5 1.6.2

1.6.2

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052

http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998

FEDORA-2010-6108

SUSE-SR:2010:009

39264

39290

39315

39324

39367

1023821

USN-924-1

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt

Patch, Vendor Advisory

DSA-2031

MDVSA-2010:071

RHSA-2010:0343

20100406 MITKRB5-SA-2010-003 [CVE-2010-0629] denial of service in kadmind in older krb5 releases

39247

Patch

ADV-2010-0876

oval:org.mitre.oval:def:9489

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.