13 matches found
openSUSE Security Update : krb5 (openSUSE-SU-2013:1119-1)
This update fixes a kpasswd UDP ping-pong security bug (CVE-2002-2443). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-546. The text description of this plugin is (C) SUSE LLC...
krb5 security update
1.10.3-10.3 - pull up fix for UDP ping-pong flaw in kpasswd service CVE-2002-2443,...
Updated krb5 packages fix security vulnerability
The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack (CVE-2002-2443)...
MGASA-2013-0161 Updated krb5 packages fix security vulnerability
The kpasswd service provided by kadmind was vulnerable to a UDP ping-pong attack (CVE-2002-2443)...
FreeBSD : krb5 -- UDP ping-pong vulnerability in the kpasswd (password changing) service. [CVE-2002-2443] (e3f64457-cccd-11e2-af76-206a8a720317)
No advisory has been released yet. schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that...
Fedora 19 : krb5-1.11.2-6.fc19 (2013-8113)
This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443), and modifies the client library to treat KRB5CCNAME values which begin with 'DIR::' in a way that's almost the same as the way it treats values which begin with 'DIR:'...
Fedora 17 : krb5-1.10.2-12.fc17 (2013-8219)
This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically cle...
Fedora 18 : krb5-1.10.3-17.fc18 (2013-8212)
This update pulls in the upstream fix for a UDP ping-pong vulnerability in the kpasswd service provided by kadmind (CVE-2002-2443). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically cle...
Security fix for the ALT Linux 9 package krb5 version 1.11.2-alt2
May 14, 2013 Ivan A. Melnikov 1.11.2-alt2 - add patch 23 from upstream git to fix kpasswd udp ping-pong CVE-2002-2443...
Security fix for the ALT Linux 8 package krb5 version 1.11.2-alt2
May 14, 2013 Ivan A. Melnikov 1.11.2-alt2 - add patch 23 from upstream git to fix kpasswd udp ping-pong CVE-2002-2443...
Security fix for the ALT Linux 7 package krb5 version 1.11.2-alt2
May 14, 2013 Ivan A. Melnikov 1.11.2-alt2 - add patch 23 from upstream git to fix kpasswd udp ping-pong CVE-2002-2443...
Asterisk 1.6 IAX - 'POKE' Requests Remote Denial of Service
source: https://www.securityfocus.com/bid/30321/info Asterisk is prone to a remote denial-of-service vulnerability because it fails to handle multiple 'POKE' requests in quick succession. Attackers can exploit this issue by sending a persistent stream of 'POKE' requests that will consume processo...
UDP Ping-pong in Win2k
Sorry if this is already well-known. Windows 2000 server with an open UDP Kerberos v5 port 464 is vulnerable to a UDP ping-pong attack where you send a packet with someone else's IP address and chargen source port to it. Drives CPU usage on my test system to approx. 70. AFAIK affected systems: Win...