ID CVE-2009-3295
Summary The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 21-01-2020 - 15:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 37486
bugtraq 20091228 MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing
confirm http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt
sectrack 1023392
secunia 37977
vupen ADV-2009-3652
statements via4
contributor Tomas Hoger
lastmodified 2010-01-11
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Last major update 21-01-2020 - 15:45
Published 29-12-2009 - 20:41
Last modified 21-01-2020 - 15:45