CVE-2010-0628
First published: Wed Feb 17 2010(Updated: )
A denial of service flaw was found in Kerberos's GSS-API spnego security mechanism implementation. A remote attacker could use this flaw to cause gss-server crash via invalid ContextFlags for the reqFlags field in the NegTokenInit in spnego_mech.c, which triggers an assertion failure. Similar vulnerability than <a href="https://access.redhat.com/security/cve/CVE-2009-0845">CVE-2009-0845</a>. PGP-signed patch from upstream will be available at: <a href="http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc">http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MIT Kerberos 5 Application | =1.7 | |
| MIT Kerberos 5 Application | =1.7.1 | |
| MIT Kerberos 5 Application | =1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/839413
- http://www.ubuntu.com/usn/USN-916-1
- https://bugzilla.redhat.com/show_bug.cgi?id=566258
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
- http://www.securityfocus.com/bid/38904
- http://secunia.com/advisories/39023
- http://www.securityfocus.com/archive/1/510281/100/0/threaded
- https://access.redhat.com/security/cve/CVE-2009-0845
- http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-002.txt
- http://admin.fedoraproject.org/updates/krb5-1.7.1-6.fc12
- http://admin.fedoraproject.org/updates/krb5-1.7.1-7.fc13
Frequently Asked Questions
What is the severity of CVE-2010-0628?
CVE-2010-0628 is classified as a high severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2010-0628?
To fix CVE-2010-0628, you should update to a patched version of MIT Kerberos 5 that addresses this flaw.
Which versions of MIT Kerberos 5 are affected by CVE-2010-0628?
The affected versions of MIT Kerberos 5 include 1.7, 1.7.1, and 1.8.
What type of attack can exploit CVE-2010-0628?
CVE-2010-0628 can be exploited by remote attackers to create a denial of service condition by crashing the gss-server.
What mechanism is impacted by CVE-2010-0628?
CVE-2010-0628 affects the GSS-API spnego security mechanism implementation in Kerberos.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0628
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/softwarecombine
- agent/tags
- vendor/mit
- canonical/mit kerberos 5 application
- version/mit kerberos 5 application/1.7
- version/mit kerberos 5 application/1.7.1
- version/mit kerberos 5 application/1.8