REDHAT-BUG-566258
First published: Wed Feb 17 2010(Updated: )
A denial of service flaw was found in Kerberos's GSS-API spnego security mechanism implementation. A remote attacker could use this flaw to cause gss-server crash via invalid ContextFlags for the reqFlags field in the NegTokenInit in spnego_mech.c, which triggers an assertion failure. Similar vulnerability than <a href="https://access.redhat.com/security/cve/CVE-2009-0845">CVE-2009-0845</a>. PGP-signed patch from upstream will be available at: <a href="http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc">http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MIT Kerberos 5 Application |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2009-0845
- http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc
- http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2010-002.txt
- http://admin.fedoraproject.org/updates/krb5-1.7.1-6.fc12
- http://admin.fedoraproject.org/updates/krb5-1.7.1-7.fc13
- https://bugzilla.redhat.com/show_bug.cgi?id=566258
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0628
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mit
- canonical/mit kerberos 5 application