FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-4022

This CVE name corresponds to:

Entered Topic
2011-04-14 krb5 -- MITKRB5-SA-2011-001, kpropd denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-4022
Phase Assigned(20101020)

Description

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle the case where a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KDC) via unspecified vectors.

References

Source Reference
BUGTRAQ 20110208 MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022]
CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
MANDRIVA MDVSA-2011:025
REDHAT RHSA-2011:0200
SUSE SUSE-SR:2011:004
BID 46269
SECTRACK 1025035
SECUNIA 43260
SECUNIA 43275
SREASON 8070
VUPEN ADV-2011-0329
VUPEN ADV-2011-0333
VUPEN ADV-2011-0347
VUPEN ADV-2011-0464