Vulnerability Details : CVE-2010-0283
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-0283
Probability of exploitation activity in the next 30 days: 93.63%
Percentile (the proportion of vulnerabilities scored at or below this value): ~99%
CVSS scores for CVE-2010-0283
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST
CWE ids for CVE-2010-0283
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. (Assigned by: nvd@nist.gov, Primary)
Vendor statements for CVE-2010-0283
- Red Hat (2010-02-22): Not vulnerable. This issue did not affect the versions of MIT Kerberos 5 as shipped with Red Hat Enterprise Linux 3, 4 or 5. Those versions do not contain the vulnerable code that was introduced in krb5 1.7.
References for CVE-2010-0283
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html ([SECURITY] Fedora 12 Update: krb5-1.7.1-2.fc12)
- http://www.securityfocus.com/bid/38260 (MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability)
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html (Apple security-announce mailing list)
- http://securitytracker.com/id?1023593 (Kerberos KDC Input Validation Flaw in process_as_req() Lets Remote Users Deny Service - SecurityTracker)
- http://www.securityfocus.com/archive/1/509553/100/0/threaded (SecurityFocus)
- http://www.vupen.com/english/advisories/2010/1481 (VUPEN advisory 2010/1481)
- http://support.apple.com/kb/HT4188 (About the security content of Security Update 2010-004 / Mac OS X v10.6.4 - Apple Support)
- http://www.ubuntu.com/usn/USN-916-1 (USN-916-1: Kerberos vulnerabilities | Ubuntu security notices)
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt (Vendor Advisory)
Products affected by CVE-2010-0283
- cpe:2.3:a:mit:kerberos:5-1.8:alpha:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*