CVE-2010-0629

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-0629
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052 Exploit Issue Tracking Mailing List
http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998 Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html Mailing List
http://secunia.com/advisories/39264 Broken Link
http://secunia.com/advisories/39290 Broken Link
http://secunia.com/advisories/39315 Broken Link
http://secunia.com/advisories/39324 Broken Link
http://secunia.com/advisories/39367 Broken Link
http://securitytracker.com/id?1023821 Broken Link Third Party Advisory VDB Entry
http://ubuntu.com/usn/usn-924-1 Third Party Advisory
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt Patch Vendor Advisory
http://www.debian.org/security/2010/dsa-2031 Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2010:071 Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0343.html Broken Link
http://www.securityfocus.com/archive/1/510566/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/39247 Broken Link Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/0876 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489 Broken Link
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052 Exploit Issue Tracking Mailing List
http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998 Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html Mailing List
http://secunia.com/advisories/39264 Broken Link
http://secunia.com/advisories/39290 Broken Link
http://secunia.com/advisories/39315 Broken Link
http://secunia.com/advisories/39324 Broken Link
http://secunia.com/advisories/39367 Broken Link
http://securitytracker.com/id?1023821 Broken Link Third Party Advisory VDB Entry
http://ubuntu.com/usn/usn-924-1 Third Party Advisory
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt Patch Vendor Advisory
http://www.debian.org/security/2010/dsa-2031 Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2010:071 Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0343.html Broken Link
http://www.securityfocus.com/archive/1/510566/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/39247 Broken Link Patch Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/0876 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489 Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
History

21 Nov 2024, 01:12

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052 - Exploit, Issue Tracking, Mailing List () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052 - Exploit, Issue Tracking, Mailing List
References () http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998 - Vendor Advisory () http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998 - Vendor Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html - Mailing List () http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html - Mailing List
References () http://secunia.com/advisories/39264 - Broken Link () http://secunia.com/advisories/39264 - Broken Link
References () http://secunia.com/advisories/39290 - Broken Link () http://secunia.com/advisories/39290 - Broken Link
References () http://secunia.com/advisories/39315 - Broken Link () http://secunia.com/advisories/39315 - Broken Link
References () http://secunia.com/advisories/39324 - Broken Link () http://secunia.com/advisories/39324 - Broken Link
References () http://secunia.com/advisories/39367 - Broken Link () http://secunia.com/advisories/39367 - Broken Link
References () http://securitytracker.com/id?1023821 - Broken Link, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1023821 - Broken Link, Third Party Advisory, VDB Entry
References () http://ubuntu.com/usn/usn-924-1 - Third Party Advisory () http://ubuntu.com/usn/usn-924-1 - Third Party Advisory
References () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt - Patch, Vendor Advisory () http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt - Patch, Vendor Advisory
References () http://www.debian.org/security/2010/dsa-2031 - Mailing List () http://www.debian.org/security/2010/dsa-2031 - Mailing List
References () http://www.mandriva.com/security/advisories?name=MDVSA-2010:071 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2010:071 - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2010-0343.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2010-0343.html - Broken Link
References () http://www.securityfocus.com/archive/1/510566/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/510566/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/39247 - Broken Link, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/39247 - Broken Link, Patch, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2010/0876 - Broken Link () http://www.vupen.com/english/advisories/2010/0876 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489 - Broken Link

02 Feb 2024, 16:52

Type Values Removed Values Added
CPE cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*		 cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
CVSS v2 : 4.0
v3 : unknown 		v2 : 4.0
v3 : 6.5
First Time Canonical
Canonical ubuntu Linux
Suse
Suse linux Enterprise
Fedoraproject fedora
Opensuse opensuse
Fedoraproject
Opensuse
CWE CWE-399 CWE-416
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/39367 - (SECUNIA) http://secunia.com/advisories/39367 - Broken Link
References (BID) http://www.securityfocus.com/bid/39247 - Patch (BID) http://www.securityfocus.com/bid/39247 - Broken Link, Patch, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/39264 - (SECUNIA) http://secunia.com/advisories/39264 - Broken Link
References (BUGTRAQ) http://www.securityfocus.com/archive/1/510566/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/510566/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/39315 - (SECUNIA) http://secunia.com/advisories/39315 - Broken Link
References (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html - (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038556.html - Mailing List
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2010-0343.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2010-0343.html - Broken Link
References (CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052 - (CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567052 - Exploit, Issue Tracking, Mailing List
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:071 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2010:071 - Broken Link
References (SECTRACK) http://securitytracker.com/id?1023821 - (SECTRACK) http://securitytracker.com/id?1023821 - Broken Link, Third Party Advisory, VDB Entry
References (UBUNTU) http://ubuntu.com/usn/usn-924-1 - (UBUNTU) http://ubuntu.com/usn/usn-924-1 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/39290 - (SECUNIA) http://secunia.com/advisories/39290 - Broken Link
References (DEBIAN) http://www.debian.org/security/2010/dsa-2031 - (DEBIAN) http://www.debian.org/security/2010/dsa-2031 - Mailing List
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9489 - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2010/0876 - (VUPEN) http://www.vupen.com/english/advisories/2010/0876 - Broken Link
References (SECUNIA) http://secunia.com/advisories/39324 - (SECUNIA) http://secunia.com/advisories/39324 - Broken Link
References (CONFIRM) http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998 - (CONFIRM) http://krbdev.mit.edu/rt/Ticket/Display.html?id=5998 - Vendor Advisory
Information

Published : 2010-04-07 15:30

Updated : 2024-11-21 01:12

NVD link : CVE-2010-0629

Mitre link : CVE-2010-0629

CVE.ORG link : CVE-2010-0629

JSON object : View

Products Affected

opensuse

  • opensuse

canonical

  • ubuntu_linux

suse

  • linux_enterprise

mit

  • kerberos_5

fedoraproject

  • fedora
CWE
CWE-416

Use After Free


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024