CVE-2003-0072

MIT Kerberos 5 <= 1.2.7 - Authenticated Denial of Service via KDC Protocol Request

Title source: llm

Description

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

References (7)

Core 7

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-052.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/316960/30/25250/threaded

Patch, Vendor Advisory x_refsource_confirm

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2003-051.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/7184

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2003/dsa-266

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1

Scores

EPSS 0.0125

EPSS Percentile 79.6%

Details

Status published

Products (14)

mit/kerberos 1.0

mit/kerberos 1.2.2.beta1

mit/kerberos_5 1.0.6

mit/kerberos_5 1.1

mit/kerberos_5 1.1.1

mit/kerberos_5 1.2

mit/kerberos_5 1.2.1

mit/kerberos_5 1.2.2

mit/kerberos_5 1.2.3

mit/kerberos_5 1.2.4

... and 4 more

Published Apr 02, 2003

Tracked Since Feb 18, 2026