krb5 is vulnerable to denial of service (DoS). The vulnerability exists as a NULL pointer dereference flaw was discovered in the MIT Kerberos Generic Security Service Application Program Interface (GSS-API) library. A remote, authenticated attacker could use this flaw to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.
Vendor | Product | Version | CPE |
---|---|---|---|
- | krb5 | 1.3.4_49.el4_5.1 | cpe:2.3:a:-:krb5:1.3.4_49.el4_5.1:*:*:*:*:*:*:* |
- | krb5 | 1.6.1_17.el5_1.1 | cpe:2.3:a:-:krb5:1.6.1_17.el5_1.1:*:*:*:*:*:*:* |
- | krb5 | 1.6.1_31.el5_3.3 | cpe:2.3:a:-:krb5:1.6.1_31.el5_3.3:*:*:*:*:*:*:* |
- | krb5 | 1.6.1_31.el5 | cpe:2.3:a:-:krb5:1.6.1_31.el5:*:*:*:*:*:*:* |
- | krb5 | 1.3.4_54.el4_6.2 | cpe:2.3:a:-:krb5:1.3.4_54.el4_6.2:*:*:*:*:*:*:* |
- | krb5 | 1.6.1_25.el5 | cpe:2.3:a:-:krb5:1.6.1_25.el5:*:*:*:*:*:*:* |
- | krb5 | 1.3.4_60.el4_7.2 | cpe:2.3:a:-:krb5:1.3.4_60.el4_7.2:*:*:*:*:*:*:* |
- | krb5 | 1.3.4_54.el4_6.1 | cpe:2.3:a:-:krb5:1.3.4_54.el4_6.1:*:*:*:*:*:*:* |
- | krb5 | 1.6.1_25.el5_2.2 | cpe:2.3:a:-:krb5:1.6.1_25.el5_2.2:*:*:*:*:*:*:* |
- | krb5 | 1.6.1_25.el5_2.1 | cpe:2.3:a:-:krb5:1.6.1_25.el5_2.1:*:*:*:*:*:*:* |
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427
lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html
lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html
lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
marc.info/?l=bugtraq&m=134254866602253&w=2
osvdb.org/64744
secunia.com/advisories/39762
secunia.com/advisories/39784
secunia.com/advisories/39799
secunia.com/advisories/39818
secunia.com/advisories/39849
secunia.com/advisories/40346
secunia.com/advisories/40685
secunia.com/advisories/41967
secunia.com/advisories/42432
secunia.com/advisories/42974
secunia.com/advisories/43335
secunia.com/advisories/44954
support.avaya.com/css/P8/documents/100114315
web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-005.txt
www.debian.org/security/2010/dsa-2052
www.mandriva.com/security/advisories?name=MDVSA-2010:100
www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2010-0423.html
www.redhat.com/support/errata/RHSA-2010-0770.html
www.redhat.com/support/errata/RHSA-2010-0807.html
www.redhat.com/support/errata/RHSA-2010-0873.html
www.redhat.com/support/errata/RHSA-2010-0935.html
www.redhat.com/support/errata/RHSA-2010-0987.html
www.redhat.com/support/errata/RHSA-2011-0152.html
www.redhat.com/support/errata/RHSA-2011-0880.html
www.securityfocus.com/archive/1/511331/100/0/threaded
www.securityfocus.com/archive/1/516397/100/0/threaded
www.securityfocus.com/bid/40235
www.ubuntu.com/usn/USN-940-1
www.ubuntu.com/usn/USN-940-2
www.us-cert.gov/cas/techalerts/TA10-287A.html
www.us-cert.gov/cas/techalerts/TA11-201A.html
www.vmware.com/security/advisories/VMSA-2011-0003.html
www.vupen.com/english/advisories/2010/1177
www.vupen.com/english/advisories/2010/1192
www.vupen.com/english/advisories/2010/1193
www.vupen.com/english/advisories/2010/1196
www.vupen.com/english/advisories/2010/1222
www.vupen.com/english/advisories/2010/1574
www.vupen.com/english/advisories/2010/1882
www.vupen.com/english/advisories/2010/3112
www.vupen.com/english/advisories/2011/0134
access.redhat.com/errata/RHSA-2010:0423
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450