Published: 29/05/2013 Updated: 02/02/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) prior to 1.11.3 does not properly validate UDP packets before sending responses, which allows remote malicious users to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5
opensuse opensuse 11.4
opensuse opensuse 12.2
opensuse opensuse 12.3
fedoraproject fedora 17
fedoraproject fedora 18
fedoraproject fedora 19
redhat enterprise linux desktop 5.0
redhat enterprise linux desktop 6.0
redhat enterprise linux eus 5.9
redhat enterprise linux eus 6.4
redhat enterprise linux server 5.0
redhat enterprise linux server 6.0
redhat enterprise linux server aus 6.4
redhat enterprise linux workstation 5.0
redhat enterprise linux workstation 6.0
debian debian linux 6.0
debian debian linux 7.0
debian debian linux 8.0
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
canonical ubuntu linux 15.10

Debian Bug report logs - #708267 cve-2002-2443: kpasswd udp ping-pong Package: krb5-admin-server; Maintainer for krb5-admin-server is Sam Hartman <hartmans@debianorg>; Source for krb5-admin-server is src:krb5 (PTS, buildd, popcon) Reported by: Benjamin Kaduk <kaduk@MITEDU> Date: Tue, 14 May 2013 16:39:01 UTC Owned ...

Several security issues were fixed in Kerberos ...

It was discovered that the kpasswd service running on UDP port 464 could respond to response packets, creating a packet loop and a denial of service condition For the oldstable distribution (squeeze), this problem has been fixed in version 183+dfsg-4squeeze7 For the stable distribution (wheezy), this problem has been fixed in version 1101+dfs ...

It was found that kadmind's kpasswd service did not perform any validation on incoming network packets, causing it to reply to all requests A remote attacker could use this flaw to send spoofed packets to a kpasswd service that appear to come from kadmind on a different server, causing the services to keep replying packets to each other, consuming ...

CWE-20 https://bugzilla.redhat.com/show_bug.cgi?id=962531 https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 http://www.debian.org/security/2013/dsa-2701 http://rhn.redhat.com/errata/RHSA-2013-0942.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00007.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:166 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105879.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106698.html http://www.ubuntu.com/usn/USN-2810-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267 https://usn.ubuntu.com/2810-1/https://nvd.nist.gov

CVE-2002-2443

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect