5

CVE-2010-4022

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version1.7
MitKerberos 5 Version1.8
MitKerberos 5 Version1.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.65% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://www.vupen.com/english/advisories/2011/0464
http://secunia.com/advisories/43260
Vendor Advisory
http://secunia.com/advisories/43275
Vendor Advisory
http://securityreason.com/securityalert/8070
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:025
http://www.redhat.com/support/errata/RHSA-2011-0200.html
http://www.securityfocus.com/archive/1/516286/100/0/threaded
http://www.securityfocus.com/bid/46269
http://www.securitytracker.com/id?1025035
http://www.vupen.com/english/advisories/2011/0329
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0333
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0347
Vendor Advisory