CVE-2002-2443

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 29-05-2013 04:29

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=962531
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
DSA-2701-Third Party Advisory
RHSA-2013:0942-Third Party Advisory
openSUSE-SU-2013:1119-Mailing List, Third Party Advisory
openSUSE-SU-2013:1122-Mailing List, Third Party Advisory
MDVSA-2013:166-Third Party Advisory
FEDORA-2013-8212-Third Party Advisory
FEDORA-2013-8219-Third Party Advisory
FEDORA-2013-8113-Third Party Advisory
USN-2810-1-Third Party Advisory

Keywords

CVE-2002-2443

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2002-2443

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures