PT-2010-1095 · Mit · Mit-Krb5+1

Emmanuel Bouillon · Published 2010-02-21 · Updated 2024-06-15 · CVE-2010-0283

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

MIT Kerberos 5 versions 1.7 through 1.7.1
MIT Kerberos 5 version 1.8 alpha
mit-krb5 versions prior to 1.9.2-r1

Description

A remote attacker can disrupt the system, including causing a denial of service, by sending invalid requests: an invalid AS-REQ or TGS-REQ request triggers an assertion failure that crashes the daemon. The vulnerability may also affect the confidentiality, integrity, and availability of protected information.

Recommendations

For MIT Kerberos 5 versions 1.7 through 1.7.1, update to version 1.7.2 or later. For MIT Kerberos 5 version 1.8 alpha, update to a stable release. For mit-krb5 versions prior to 1.9.2-r1, update to version 1.9.2-r1 or later. As a temporary workaround, restrict network access to the KDC to minimize the risk of exploitation.
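A small inventory check that maps an installed MIT Kerberos version onto the affected ranges stated above. This is an added example, not code from the advisory, from MIT, or from any distribution; it assumes the version string is either given directly or comes from `krb5-config --version` in the form "Kerberos 5 release X.Y.Z", and it models only the upstream ranges (1.7 through 1.7.1 and the 1.8 alpha releases), not the Gentoo package revision 1.9.2-r1, which is a distribution-level fix.

```python
import re
import shutil
import subprocess

# Affected ranges as stated in the advisory (upstream MIT Kerberos 5):
#   1.7 through 1.7.1 affected, fixed in 1.7.2 or later
#   1.8 alpha affected, fixed in the stable 1.8 release
VERSION_RE = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:[-. ]?(alpha|beta)\d*)?", re.IGNORECASE
)


def parse_krb5_version(text):
    """Return (major, minor, patch, prerelease) from strings such as
    'Kerberos 5 release 1.7.1', '1.8-alpha1', '1.8 alpha' or '1.7'.
    A missing patch level is treated as 0; prerelease is None when absent."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no MIT Kerberos version found in: %r" % text)
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch or 0), (pre.lower() if pre else None)


def is_affected(text):
    """True when the version falls inside the ranges the advisory lists."""
    major, minor, patch, pre = parse_krb5_version(text)
    if (major, minor) == (1, 7):
        return patch < 2          # 1.7.0 and 1.7.1 affected, 1.7.2+ fixed
    if (major, minor) == (1, 8):
        return pre == "alpha"     # only the 1.8 alpha releases are listed
    return False


def installed_krb5_version():
    """Read the local version via krb5-config (assumption: MIT krb5 installs
    this tool and prints 'Kerberos 5 release X.Y.Z'). Returns None if absent."""
    if shutil.which("krb5-config") is None:
        return None
    out = subprocess.run(["krb5-config", "--version"],
                         capture_output=True, text=True, check=False)
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample inputs for an offline run, plus the local host if available.
    samples = ["Kerberos 5 release 1.7.1", "1.7.2", "1.8-alpha1", "1.8", "1.6.3"]
    local = installed_krb5_version()
    if local:
        samples.append(local)
    for s in samples:
        print("%-28s affected=%s" % (s, is_affected(s)))
```

Run it on a KDC host to get a yes/no against CVE-2010-0283 for the locally installed release; for distribution packages that backport the fix (the 1.9.2-r1 case above), compare against the vendor's package revision instead of the upstream version string.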

Tags: Fix · RCE


Weakness Enumeration

Related Identifiers

BDU:2015-09426
CVE-2010-0283
OPENSUSE-SU-2024:10004-1

Affected Products

Mit Kerberos 5
Mit-Krb5