CVE-2010-0283

Published: 22 February 2010

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

Notes

Author	Note
mdeslaur	reported only affecting 1.7 and later

Priority

Status

Package	Release	Status
krb5 Launchpad, Ubuntu, Debian	dapper	Not vulnerable (1.4.3-5ubuntu0.10)
	hardy	Not vulnerable (1.6.dfsg.3~beta1-2ubuntu1.3)
	intrepid	Not vulnerable (1.6.dfsg.4~beta1-3ubuntu0.3)
	jaunty	Not vulnerable (1.6.dfsg.4~beta1-5ubuntu2.2)
	karmic	Released (1.7dfsg~beta3-1ubuntu0.5)
	upstream	Needs triage

References

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
https://ubuntu.com/security/notices/USN-916-1
https://www.cve.org/CVERecord?id=CVE-2010-0283
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›