CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
99.5%
CentOS Errata and Security Advisory CESA-2013:0942
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).
It was found that kadmind’s kpasswd service did not perform any validation
on incoming network packets, causing it to reply to all requests. A remote
attacker could use this flaw to send spoofed packets to a kpasswd
service that appear to come from kadmind on a different server, causing the
services to keep replying packets to each other, consuming network
bandwidth and CPU. (CVE-2002-2443)
All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the krb5kdc and kadmind daemons will be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-June/081947.html
https://lists.centos.org/pipermail/centos-announce/2013-June/081948.html
Affected packages:
krb5-devel
krb5-libs
krb5-pkinit-openssl
krb5-server
krb5-server-ldap
krb5-workstation
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0942
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | krb5-devel | < 1.6.1-70.el5_9.2 | krb5-devel-1.6.1-70.el5_9.2.i386.rpm |
CentOS | 5 | i386 | krb5-libs | < 1.6.1-70.el5_9.2 | krb5-libs-1.6.1-70.el5_9.2.i386.rpm |
CentOS | 5 | i386 | krb5-server | < 1.6.1-70.el5_9.2 | krb5-server-1.6.1-70.el5_9.2.i386.rpm |
CentOS | 5 | i386 | krb5-server-ldap | < 1.6.1-70.el5_9.2 | krb5-server-ldap-1.6.1-70.el5_9.2.i386.rpm |
CentOS | 5 | i386 | krb5-workstation | < 1.6.1-70.el5_9.2 | krb5-workstation-1.6.1-70.el5_9.2.i386.rpm |
CentOS | 5 | i386 | krb5-devel | < 1.6.1-70.el5_9.2 | krb5-devel-1.6.1-70.el5_9.2.i386.rpm |
CentOS | 5 | x86_64 | krb5-devel | < 1.6.1-70.el5_9.2 | krb5-devel-1.6.1-70.el5_9.2.x86_64.rpm |
CentOS | 5 | i386 | krb5-libs | < 1.6.1-70.el5_9.2 | krb5-libs-1.6.1-70.el5_9.2.i386.rpm |
CentOS | 5 | x86_64 | krb5-libs | < 1.6.1-70.el5_9.2 | krb5-libs-1.6.1-70.el5_9.2.x86_64.rpm |
CentOS | 5 | x86_64 | krb5-server | < 1.6.1-70.el5_9.2 | krb5-server-1.6.1-70.el5_9.2.x86_64.rpm |