CVE-2010-0283 : The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2,

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

Published 2010-02-22 13:00:03

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2010-0283

MIT » Kerberos » Version: 5-1.8 Update Alpha
cpe:2.3:a:mit:kerberos:5-1.8:alpha:*:*:*:*:*:*
Matching versions
MIT » Kerberos 5 » Version: 1.7
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
Matching versions
MIT » Kerberos 5 » Version: 1.7.1
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2010-0283

EPSS FAQ

3.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2010-0283

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2010-0283

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2010-0283

Red Hat 2010-02-22

Not vulnerable. This issue did not affect the versions of MIT Kerberos 5 as shipped with Red Hat Enterprise Linux 3, 4 or 5. Those versions do not contain the vulnerable code that was introduced in krb5 1.7.

References for CVE-2010-0283

http://secunia.com/advisories/39023

Sign in

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html

[SECURITY] Fedora 12 Update: krb5-1.7.1-2.fc12
http://secunia.com/advisories/38598

Sign in
http://www.securityfocus.com/bid/38260

MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Apple - Lists.apple.com

CVEs referencing this url
http://secunia.com/advisories/40220

Sign in

CVEs referencing this url
http://securitytracker.com/id?1023593

Kerberos KDC Input Validation Flaw in process_as_req() Lets Remote Users Deny Service - SecurityTracker
http://www.securityfocus.com/archive/1/509553/100/0/threaded

SecurityFocus
http://www.vupen.com/english/advisories/2010/1481

Webmail | OVH- OVH

CVEs referencing this url
http://support.apple.com/kb/HT4188

About the security content of Security Update 2010-004 / Mac OS X v10.6.4 - Apple Support

CVEs referencing this url
http://www.ubuntu.com/usn/USN-916-1

USN-916-1: Kerberos vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt

Vendor Advisory