ID CVE-2010-0628
Summary The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:5-1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.8:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 10-10-2018 - 19:53)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 38904
bugtraq 20100323 MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]
cert-vn VU#839413
confirm
secunia 39023
ubuntu USN-916-1
statements via4
contributor Vincent Danen
lastmodified 2010-03-26
organization Red Hat
statement Not vulnerable. This flaw does not affect MIT krb5 as provided in Red Hat Enterprise Linux 3, 4, and 5.
Last major update 10-10-2018 - 19:53
Published 25-03-2010 - 22:30
Back to Top