FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- multiple denial of service vulnerabilities

Affected packages
1.7 <= krb5 <= 1.7_2

Details

VuXML ID 9ac0f9c4-492b-11df-83fb-0015587e2cc1
Discovery 2010-02-16
Entry 2010-04-19
Modified 2013-06-16

Two vulnerabilities in krb5 can be used by remote attackers in denial of service attacks. The MIT security advisories report this as follows:

An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial of service.

An unauthenticated remote attacker could cause a GSS-API application, including the Kerberos administration daemon (kadmind), to crash.

References

Bugtraq ID 38260
Bugtraq ID 38904
CVE Name CVE-2010-0283
CVE Name CVE-2010-0628
URL http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
URL http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt