CVE-2010-4022

Related Files

Gentoo Linux Security Advisory 201201-13

Posted Jan 24, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151

SHA-256 | 5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9

Download | Favorite | View

Ubuntu Security Notice USN-1062-1

Posted Feb 15, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1062-1 - Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial of service attack due to improper logic when a worker child process exited because of invalid network input. This could only occur when kpropd is running in standalone mode; kpropd was not affected when running in incremental propagation mode ("iprop") or as an inetd server. This issue only affects Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu 10.10. Kevin Longfellow and others discovered that the MIT krb5 Key Distribution Center (KDC) daemon is vulnerable to denial of service attacks when using an LDAP back end due to improper handling of network input.

tags | advisory, denial of service

systems | linux, ubuntu

advisories | CVE-2010-4022, CVE-2011-0281, CVE-2011-0282

SHA-256 | 026c107b8e69f09a0f231a9050536cf994a0857a0a7ecb94245b288ee26ca969

Download | Favorite | View

Mandriva Linux Security Advisory 2011-025

Posted Feb 10, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-025 - The MIT krb5 KDC database propagation daemon is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on From receiving database updates from the master KDC. The MIT krb5 Key Distribution Center daemon is vulnerable to denial of service attacks from unauthenticated remote attackers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service

systems | linux, mandriva

advisories | CVE-2010-4022, CVE-2011-0281, CVE-2011-0282

SHA-256 | 5e22724c4dc283ee4ca3c1336f27444da0ddb0aad7ab32ac287c51831cc7e1b3

Download | Favorite | View

MIT krb5 Security Advisory 2011-001

Posted Feb 8, 2011

Site web.mit.edu

MIT krb5 Security Advisory 2011-001 - The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on from receiving database updates from the master KDC.

tags | advisory

advisories | CVE-2010-4022

SHA-256 | 7cf25f2ff026501a57cf8c31911a2fe6b46fe68de815df7baaf8ae13556ff833

Download | Favorite | View