CVE-2010-0629

Severity: medium

Description

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052

http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html

http://secunia.com/advisories/39264

http://secunia.com/advisories/39290

http://secunia.com/advisories/39315

http://secunia.com/advisories/39324

http://secunia.com/advisories/39367

http://securitytracker.com/id?1023821

http://ubuntu.com/usn/usn-924-1

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt

http://www.debian.org/security/2010/dsa-2031

http://www.mandriva.com/security/advisories?name=MDVSA-2010:071

http://www.redhat.com/support/errata/RHSA-2010-0343.html

http://www.securityfocus.com/archive/1/510566/100/0/threaded

http://www.securityfocus.com/bid/39247

http://www.vupen.com/english/advisories/2010/0876

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489

Details

Source: MITRE

Published: 2010-04-07

Updated: 2020-01-21

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

Tenable Plugins

14 plugins total:

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79475 | OracleVM 2.2 : krb5 (OVMSA-2011-0015) | Nessus | OracleVM Local Security Checks | low |
| 68029 | Oracle Linux 5 : krb5 (ELSA-2010-0343) | Nessus | Oracle Linux Local Security Checks | medium |
| 65123 | Ubuntu 8.04 LTS / 8.10 / 9.04 : krb5 vulnerabilities (USN-924-1) | Nessus | Ubuntu Local Security Checks | critical |
| 60779 | Scientific Linux Security Update : krb5 on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 57655 | GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 50926 | SuSE 11 Security Update : krb5 (SAT Patch Number 2235) | Nessus | SuSE Local Security Checks | medium |
| 47416 | Fedora 11 : krb5-1.6.3-29.fc11 (2010-6108) | Nessus | Fedora Local Security Checks | medium |
| 46754 | CentOS 5 : krb5 (CESA-2010:0343) | Nessus | CentOS Local Security Checks | medium |
| 46296 | RHEL 5 : krb5 (RHSA-2010:0343) | Nessus | Red Hat Local Security Checks | medium |
| 45573 | FreeBSD : krb5 -- remote denial of service vulnerability (a30573dc-4893-11df-a5f9-001641aeabdf) | Nessus | FreeBSD Local Security Checks | medium |
| 45521 | Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071) | Nessus | Mandriva Local Security Checks | critical |
| 45493 | openSUSE Security Update : krb5 (openSUSE-SU-2010:0099-1) | Nessus | SuSE Local Security Checks | medium |
| 45491 | openSUSE Security Update : krb5 (openSUSE-SU-2010:0099-1) | Nessus | SuSE Local Security Checks | medium |
| 45479 | Debian DSA-2031-1 : krb5 - use-after-free | Nessus | Debian Local Security Checks | medium |