ID CVE-2009-3295
Summary The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:5-1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2018 - 19:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 37486
bugtraq 20091228 MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing
confirm http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt
sectrack 1023392
secunia 37977
vupen ADV-2009-3652
statements via4
contributor Tomas Hoger
lastmodified 2010-01-11
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Last major update 10-10-2018 - 19:43
Published 29-12-2009 - 20:41
Back to Top