FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- remote denial of service vulnerability

Affected packages
krb5 <= 1.6.3_9

Details

VuXML ID a30573dc-4893-11df-a5f9-001641aeabdf
Discovery 2010-04-06
Entry 2010-04-18

An authenticated remote attacker can cause a denial of service by using a newer version of the kadmin protocol than the server supports.

The MIT Kerberos team also reports the cause:

The Kerberos administration daemon (kadmind) can crash due to referencing freed memory.

References

Bugtraq ID 39247
CVE Name CVE-2010-0629
URL http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt