First published: Wed Feb 17 2010(Updated: )
A denial of service flaw was found in Kerberos's GSS-API spnego security mechanism implementation. A remote attacker could use this flaw to cause gss-server crash via invalid ContextFlags for the reqFlags field in the NegTokenInit in spnego_mech.c, which triggers an assertion failure. Similar vulnerability than <a href="https://access.redhat.com/security/cve/CVE-2009-0845">CVE-2009-0845</a>. PGP-signed patch from upstream will be available at: <a href="http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc">http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MIT Kerberos 5 | =1.7 | |
MIT Kerberos 5 | =1.7.1 | |
MIT Kerberos 5 | =1.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.