6.5
CVE-2010-0629
- EPSS 5.47%
- Veröffentlicht 07.04.2010 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:32
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mit ≫ Kerberos 5 Version >= 1.5 <= 1.6.3
Fedoraproject ≫ Fedora Version11
Suse ≫ Linux Enterprise Version11.0 Update-
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.47% | 0.917 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
http://secunia.com/advisories/39290
http://ubuntu.com/usn/usn-924-1
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052
http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html
http://secunia.com/advisories/39264
http://secunia.com/advisories/39315
http://secunia.com/advisories/39324
http://secunia.com/advisories/39367
http://securitytracker.com/id?1023821
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
http://www.debian.org/security/2010/dsa-2031
http://www.mandriva.com/security/advisories?name=MDVSA-2010:071
http://www.redhat.com/support/errata/RHSA-2010-0343.html
http://www.securityfocus.com/archive/1/510566/100/0/threaded
http://www.securityfocus.com/bid/39247
http://www.vupen.com/english/advisories/2010/0876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489