CVE-2010-4022

EPSS 8.65%
Veröffentlicht 10.02.2011 18:00:18
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mit ≫ Kerberos 5 Version1.7

Mit ≫ Kerberos 5 Version1.8

Mit ≫ Kerberos 5 Version1.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	8.65%	0.916

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html

http://www.vupen.com/english/advisories/2011/0464

http://secunia.com/advisories/43260

Vendor Advisory

http://secunia.com/advisories/43275

Vendor Advisory

http://securityreason.com/securityalert/8070

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:025

http://www.redhat.com/support/errata/RHSA-2011-0200.html