CVE-2002-2443 (retired)

Priority
Description
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5)
before 1.11.3 does not properly validate UDP packets before sending
responses, which allows remote attackers to cause a denial of service
(CPU and bandwidth consumption) via a forged packet that triggers a
communication loop, as demonstrated by krb_pingpong.nasl, a related
issue to CVE-1999-0103.
Assigned-to
mdeslaur
Package
Source: krb5 (LP Ubuntu Debian)
Upstream: released (1.10.6, 1.11.3)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (1.11.3+dfsg-3ubuntu2)

Updated: 2019-09-19 14:55:48 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)