5

CVE-2002-2443

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version < 1.11.3
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
FedoraprojectFedora Version17
FedoraprojectFedora Version18
FedoraprojectFedora Version19
RedhatEnterprise Linux Eus Version5.9
RedhatEnterprise Linux Eus Version6.4
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.49% 0.929
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105879.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106698.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-07/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2013-07/msg00007.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2013-0942.html
Third Party Advisory
http://www.debian.org/security/2013/dsa-2701
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:166
Third Party Advisory
http://www.ubuntu.com/usn/USN-2810-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=962531
Third Party Advisory
Issue Tracking
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
Patch
Third Party Advisory