CVE-2010-0283

Publication date 22 February 2010

Last updated 24 July 2024

Ubuntu priority

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
krb5	9.10 karmic	Fixed 1.7dfsg~beta3-1ubuntu0.5
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

reported only affecting 1.7 and later

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-916-1
Kerberos vulnerabilities
23 March 2010

Other references

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
https://www.cve.org/CVERecord?id=CVE-2010-0283