5
CVE-2010-4022
- EPSS 3.65%
- Veröffentlicht 10.02.2011 18:00:18
- Zuletzt bearbeitet 16.06.2026 23:24:00
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.65% | 0.882 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://www.vupen.com/english/advisories/2011/0464
http://secunia.com/advisories/43260
http://secunia.com/advisories/43275
http://securityreason.com/securityalert/8070
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:025
http://www.redhat.com/support/errata/RHSA-2011-0200.html
http://www.securityfocus.com/archive/1/516286/100/0/threaded
http://www.securityfocus.com/bid/46269
http://www.securitytracker.com/id?1025035
http://www.vupen.com/english/advisories/2011/0329
http://www.vupen.com/english/advisories/2011/0333
http://www.vupen.com/english/advisories/2011/0347