MIT Kerberos 5 Kpasswd UDP Packet Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running MIT Kerberos and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow attacker to cause a denial of service via a forged packet that triggers a communication loop. Impact Level: Application

Solution

Upgrade to MIT Kerberos 5 version 1.11.3 or later, For updates refer to http://web.mit.edu/kerberos

Insight

The flaw is caused due to the kpasswd application does not properly validate UDP packets before sending responses and can be exploited to exhaust CPU and network resources via the UDP 'ping-pong' attack.

Affected

MIT Kerberos 5 before 1.11.3

References

http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
http://seclists.org/oss-sec/2013/q2/316
http://secunia.com/advisories/53375
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c

Updated on 2015-03-25

Severity

Classification

CVE CVE-2002-2443
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability
Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)
Beckhoff TwinCAT 'TCATSysSrv.exe' Network Packet Denial of Service Vulnerability
F-PROT AV 'ELF' Header Denial of Service Vulnerability
Active Perl Denial of Service Vulnerability Feb 2014 (Windows)

MIT Kerberos 5 kpasswd UDP Packet Denial Of Service Vulnerability

Take action and discover your vulnerabilities