5
CVE-2002-2443
- EPSS 21.41%
- Published 29.05.2013 14:29:06
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Data is provided by the National Vulnerability Database (NVD)
Mit ≫ Kerberos 5 Version < 1.11.3
Fedoraproject ≫ Fedora Version17
Fedoraproject ≫ Fedora Version18
Fedoraproject ≫ Fedora Version19
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version5.9
Redhat ≫ Enterprise Linux Eus Version6.4
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Aus Version6.4
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version12.04 SwEdition-
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version15.04
Canonical ≫ Ubuntu Linux Version15.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 21.41% | 0.955 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.