Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3295

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-3295
Last Modified 29 Jun 2010 12:00:00
Published 29 Dec 2009 03:41:19
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3295

Summary

The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.

Vulnerable Systems

Application

  • Mit Kerberos 5-1.7


References

VUPEN - ADV-2009-3652

BID - 37486

BUGTRAQ - 20091228 MITKRB5-SA-2009-003 [CVE-2009-3295] KDC denial of service in cross-realm referral processing

CONFIRM - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-003.txt

SECTRACK - 1023392

SECUNIA - 37977


Last Updated: 27 May 2016 10:51:12