CVE-2010-0628
MIT Kerberos 5 1.7-1.7.1 and 1.8 - Denial of Service via Invalid SPNEGO Packet
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
References (7)
Core References
Vendor Advisory [vendor-advisory, x_refsource_ubuntu]: http://www.ubuntu.com/usn/USN-916-1
Third Party Advisory, VDB Entry [mailing-list, x_refsource_bugtraq]: http://www.securityfocus.com/archive/1/510281/100/0/threaded
Patch [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/38904
Issue Tracking [x_refsource_confirm]: https://bugzilla.redhat.com/show_bug.cgi?id=566258
Various Sources [x_refsource_confirm]: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
Third Party Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/39023
US Government Resource [third-party-advisory, x_refsource_cert-vn]: http://www.kb.cert.org/vuls/id/839413
Scores
EPSS: 0.0092
EPSS Percentile: 76.3%
Details
Status: published
Products (3)
mit/kerberos_5 1.7
mit/kerberos_5 1.7.1
mit/kerberos_5 1.8
Published: Mar 25, 2010
Tracked Since: Feb 18, 2026