Executive Summary

Information
Name: CVE-2010-0629
First vendor Publication: 2010-04-07
Vendor: Cve
Last vendor Modification: 2010-08-21

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Cvss Base Score: 4
Cvss Impact Score: 2.9
Cvss Exploit Score: 8
Attack Range: Network
Attack Complexity: Low
Authentication: Requires single instance

Detail

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629

CWE : Common Weakness Enumeration

id: CWE-399
Name: Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9489
 
Oval ID: oval:org.mitre.oval:def:9489
Title: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Description: Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0629
Version: 5
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application
Description:
Count: 8

Open Source Vulnerability Database (OSVDB)

id: 63569
Description: Kerberos src/kadmin/server/server_stubs.c init_2_svc() Function API Version N...

Internal Sources (Detail)

Source: Url
BID: http://www.securityfocus.com/bid/39247
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/510566/100/0/threaded
CONFIRM: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052
CONFIRM: http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998
CONFIRM: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
DEBIAN: http://www.debian.org/security/2010/dsa-2031
FEDORA: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2010:071
REDHAT: http://www.redhat.com/support/errata/RHSA-2010-0343.html
SECTRACK: http://securitytracker.com/id?1023821
SECUNIA: http://secunia.com/advisories/39264
SECUNIA: http://secunia.com/advisories/39290
SECUNIA: http://secunia.com/advisories/39315
SECUNIA: http://secunia.com/advisories/39324
SECUNIA: http://secunia.com/advisories/39367
SUSE: http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html
UBUNTU: http://ubuntu.com/usn/usn-924-1
VUPEN: http://www.vupen.com/english/advisories/2010/0876

Alert History

Date: 2013-05-10 23:18:47
Information: Multiple Updates