6.5

CVE-2010-0629

Exploit
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version >= 1.5 <= 1.6.3
FedoraprojectFedora Version11
OpensuseOpensuse Version11.0
OpensuseOpensuse Version11.1
SuseLinux Enterprise Version11.0 Update-
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.47% 0.917
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://secunia.com/advisories/39290
Broken Link
http://ubuntu.com/usn/usn-924-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
Mailing List
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052
Exploit
Mailing List
Issue Tracking
http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html
Mailing List
http://secunia.com/advisories/39264
Broken Link
http://secunia.com/advisories/39315
Broken Link
http://secunia.com/advisories/39324
Broken Link
http://secunia.com/advisories/39367
Broken Link
http://securitytracker.com/id?1023821
Third Party Advisory
Broken Link
VDB Entry
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
Patch
Vendor Advisory
http://www.debian.org/security/2010/dsa-2031
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2010:071
Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0343.html
Broken Link
http://www.securityfocus.com/archive/1/510566/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/39247
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2010/0876
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489
Broken Link