Vulnerability Details : CVE-2010-0283
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
Vulnerability category: Denial of service
Products affected by CVE-2010-0283
- cpe:2.3:a:mit:kerberos:5-1.8:alpha:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0283
EPSS score: 3.49% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~87% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2010-0283
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | 
CWE ids for CVE-2010-0283
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2010-0283
- Red Hat (2010-02-22): Not vulnerable. This issue did not affect the versions of MIT Kerberos 5 as shipped with Red Hat Enterprise Linux 3, 4 or 5. Those versions do not contain the vulnerable code that was introduced in krb5 1.7.
References for CVE-2010-0283
- http://secunia.com/advisories/39023
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html ([SECURITY] Fedora 12 Update: krb5-1.7.1-2.fc12)
- http://secunia.com/advisories/38598
- http://www.securityfocus.com/bid/38260 (MIT Kerberos KDC 'handle_tgt_authdata()' Denial Of Service Vulnerability)
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html (Apple - Lists.apple.com)
- http://secunia.com/advisories/40220
- http://securitytracker.com/id?1023593 (Kerberos KDC Input Validation Flaw in process_as_req() Lets Remote Users Deny Service - SecurityTracker)
- http://www.securityfocus.com/archive/1/509553/100/0/threaded (SecurityFocus)
- http://www.vupen.com/english/advisories/2010/1481
- http://support.apple.com/kb/HT4188 (About the security content of Security Update 2010-004 / Mac OS X v10.6.4 - Apple Support)
- http://www.ubuntu.com/usn/USN-916-1 (USN-916-1: Kerberos vulnerabilities | Ubuntu security notices)
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt (Vendor Advisory)