Computer Security
[EN] securityvulns.ru no-pyccku


MIT Kerberos 5 DoS
Published:03.06.2013
Source:
SecurityVulns ID:13094
Type:remote
Threat Level:
5/10
Description:Server sends response to response, it makes it possible to loop packets between two servers.
Affected:MIT : krb5 1.11
CVE:CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2701-1] krb5 security update (03.06.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod