CVE-2010-0283

Published: Feb 22, 2010Modified: Apr 29, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

Affected (3)

Products: Mit: Kerberos, Kerberos 5

Mit

2 products

Kerberos

Kerberos 5

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mit Kerberos	Version 5-1.8 alpha
Mit Kerberos 5	Version 1.7.1
Mit Kerberos 5	Version 1.7

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (24)

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html

Source: cve@mitre.org

http://secunia.com/advisories/38598

Source: cve@mitre.org

http://secunia.com/advisories/39023

Source: cve@mitre.org

http://secunia.com/advisories/40220

Source: cve@mitre.org

http://securitytracker.com/id?1023593

Source: cve@mitre.org

http://support.apple.com/kb/HT4188

Source: cve@mitre.org

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/509553/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/38260

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-916-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/1481

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html