Published: 20/12/2018 Updated: 11/01/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The read_packet function in knc (Kerberised NetCat) prior to 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host.

Vulnerable Product	Search on Vulmon	Subscribe to Product
secure-endpoints kerberised netcat

knc (Kerberised NetCat) versions before 111-1 are vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another service running on the targeted host Proof of concept included ...

Full Disclosure mailing list archives   By Date By Thread </form>    CVE-2017-9732: knc (kerberized netcat) memory exhaustion   From: ...

PoC memory exhaustion exploit of kerberized netcat

Product "KNC is Kerberised NetCat It works in basically the same way as either netcat or stunnel except that it is uses GSS-API to secure the communication You can use it to construct client/server applications while keeping the Kerberos libraries out of your programs address space quickly and easily" Links Official page: osktsecure-endpointscom/knchtml S

CWE-400 https://github.com/irsl/knc-memory-exhaustion/https://github.com/elric1/knc/commit/f237f3e09ecbaf59c897f5046538a7b1a3fa40c1 http://seclists.org/fulldisclosure/2018/Nov/65 http://packetstormsecurity.com/files/150534/knc-Kerberized-NetCat-Denial-Of-Service.html https://nvd.nist.gov https://github.com/irsl/knc-memory-exhaustion http://seclists.org/fulldisclosure/2018/Nov/65

CVE-2017-9732

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect