A denial of service flaw was found in the way kpropd,
a Kerberos V5 slave KDC update server, processed certain
update requests for KDC database propagation. A remote,
unauthenticated user could use this flaw to cause the kpropd
daemon to terminate (stop the Kerberos server replication
This issue did NOT affect the versions of the krb5 package,
as shipped with Red Hat Enterprise Linux 4 and 5.
This issue affects the version of the krb5 package,
as shipped with Red Hat Enterprise Linux 6.
This issue is now public:
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5 as the flaw was introduced in a later version of MIT krb5 (1.7).
Created krb5 tracking bugs for this issue
Affects: fedora-all [bug 676127]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:0200 https://rhn.redhat.com/errata/RHSA-2011-0200.html