Vulnerability Details : CVE-2010-0628
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
Vulnerability category: Denial of service
Products affected by CVE-2010-0628
- cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0628
- EPSS score: 11.18% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~95% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2010-0628
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2010-0628
- Red Hat (2010-03-26): Not vulnerable. This flaw does not affect MIT krb5 as provided in Red Hat Enterprise Linux 3, 4, and 5.
References for CVE-2010-0628
- http://www.securityfocus.com/archive/1/510281/100/0/threaded (SecurityFocus)
- http://www.securityfocus.com/bid/38904 (MIT Kerberos 'gss_accept_sec_context()' Denial Of Service Vulnerability) [Patch]
- http://www.ubuntu.com/usn/USN-916-1 (USN-916-1: Kerberos vulnerabilities | Ubuntu security notices)
- https://bugzilla.redhat.com/show_bug.cgi?id=566258 (566258 – (CVE-2010-0628) CVE-2010-0628 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002))
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt (MITKRB5-SA-2010-002)