CVE-2010-4022

Published: 10/02/2011 Updated: 21/01/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote malicious users to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.

Vulnerable Product

mit kerberos 5 1.7

mit kerberos 5 1.8

mit kerberos 5 1.9

Vendor Advisories

Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial of service attack due to improper logic when a worker child process exited because of invalid network input. This could only occur when kpropd is running in standalone mode; kpropd was not affected when running in incremental propagation mod ...
Debian Bug report logs - #618517 krb5: CVE-2011-0284 kdc double-free Package: krb5; Maintainer for krb5 is Sam Hartman <hartmans@debian.org>; Reported by: Michael Gilbert <michaelsgilbert@gmail.com> Date: Tue, 15 Mar 2011 20:51:05 UTC Severity: serious Tags: security Found in version 183+dfsg-4 Fixed in versions ...
Debian Bug report logs - #622681 krb5: kadmind invalid pointer free Package: krb5-admin-server; Maintainer for krb5-admin-server is Sam Hartman <hartmans@debian.org>; Source for krb5-admin-server is src:krb5 Reported by: Michael Gilbert <michaelsgilbert@gmail.com> Date: Wed, 13 Apr 2011 19:21: ...