ID CVE-2002-0036
Summary Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 21-01-2020 - 15:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2003:051
  • rhsa
    id RHSA-2003:052
  • rhsa
    id RHSA-2003:168
refmap via4
bid 6713
cert-vn VU#587579
conectiva CLA-2003:639
confirm http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
mandrake MDKSA-2003:043
osvdb 4896
xf kerberos-kdc-neglength-bo(11190)
Last major update 21-01-2020 - 15:44
Published 19-02-2003 - 05:00
Last modified 21-01-2020 - 15:44