Bug 556680 (CVE-2010-0283)

Summary: CVE-2010-0283 krb5 KDC denial of service
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: dpal, kreilly, rcvalle, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0283
Whiteboard: impact=important,source=upstream,reported=20100118,public=20100216,cvss2=7.8/AV:N/AC:L/Au:N/C:N/I:N/A:C,cwe=CWE-617
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-03-29 07:19:50 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 566002, 566003    
Bug Blocks:    

Description Vincent Danen 2010-01-18 22:45:03 EST
A flaw was found in how the KDC processed invalid requests.  An unauthenticated remote attacker could send an invalid request to a KDC process that would cause it to crash due to an assertion failure, resulting in a denial of service of the KDC.

This flaw only affects MIT krb5 version 1.7 and later; earlier versions did not contain the vulnerable code.
Comment 2 Vincent Danen 2010-02-16 16:22:11 EST
This is now public upstream via MITKRB5-SA-2010-001:

http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-001.txt

This issue does not affect Red Hat Enterprise Linux 3, 4, or 5 as they do not ship with Kerberos >=1.7, and this is a vulnerability in code introduced in Kerberos 1.7.

This issue does affect Fedora 11 and 12.
Comment 6 Fedora Update System 2010-02-18 17:26:32 EST
krb5-1.7.1-2.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.