7.8

CVE-2010-0283

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos Version5-1.8 Updatealpha
MitKerberos 5 Version1.7
MitKerberos 5 Version1.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.43% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://secunia.com/advisories/40220
http://support.apple.com/kb/HT4188
http://www.vupen.com/english/advisories/2010/1481
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html
http://secunia.com/advisories/38598
http://secunia.com/advisories/39023
http://securitytracker.com/id?1023593
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
Vendor Advisory
http://www.securityfocus.com/archive/1/509553/100/0/threaded
http://www.securityfocus.com/bid/38260
http://www.ubuntu.com/usn/USN-916-1