PT-2013-1198 · Mit+4 · Mit-Krb5+4

Published

2013-05-10

Updated

2024-06-15

CVE-2002-2443

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions mit-krb5 versions prior to 1.11.4

Description The issue affects the mit-krb5 package in Gentoo Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, in the kpasswd service in kadmind, schpw.c does not properly validate UDP packets before sending responses, allowing remote attackers to cause a denial of service by triggering a communication loop with forged packets.

Recommendations For versions prior to 1.11.4, update to version 1.11.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the kpasswd service in kadmind to minimize the risk of exploitation. Avoid using the vulnerable schpw.c in the kpasswd service until the issue is resolved.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-09675

CESA-2013_0942

CVE-2002-2443

DSA-2701-1

MGASA-2013-0161

OPENSUSE-SU-2024:10004-1

RHSA-2013:0942

RHSA-2013_0942

SUSE-SU-2013_1190-1

USN-2810-1

Affected Products

Centos

Red Hat

Suse

Ubuntu

Mit-Krb5

PT-2013-1198 · Mit+4 · Mit-Krb5+4

CVE-2002-2443

Weakness Enumeration

Related Identifiers

Affected Products

References · 89