Metric | Value |
---|---|
CVSS2 score | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
EPSS | 0.005 Low |
EPSS percentile | 75.7% |

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API
library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as
used in kadmind and other applications, does not properly check for invalid
GSS-API tokens, which allows remote authenticated users to cause a denial
of service (NULL pointer dereference and daemon crash) via an AP-REQ
message in which the authenticator's checksum field is missing.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | krb5 | < 1.4.3-5ubuntu0.11 | UNKNOWN |
ubuntu | 8.04 | noarch | krb5 | < 1.6.dfsg.3~beta1-2ubuntu1.5 | UNKNOWN |
ubuntu | 9.04 | noarch | krb5 | < 1.6.dfsg.4~beta1-5ubuntu2.4 | UNKNOWN |
ubuntu | 9.10 | noarch | krb5 | < 1.7dfsg~beta3-1ubuntu0.6 | UNKNOWN |
ubuntu | 10.04 | noarch | krb5 | < 1.8.1+dfsg-2ubuntu0.2 | UNKNOWN |
ubuntu | 8.04 | noarch | sun-jav6 | < 6.22-0ubuntu1~8.04.1 | UNKNOWN |
ubuntu | 9.04 | noarch | sun-jav6 | < 6.22-0ubuntu1~9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | sun-jav6 | < 6.22-0ubuntu1~9.10.1 | UNKNOWN |
ubuntu | 10.04 | noarch | sun-jav6 | < 6.22-0ubuntu1~10.04 | UNKNOWN |
ubuntu | 10.10 | noarch | sun-jav6 | < 6.22-0ubuntu1~10.10 | UNKNOWN |