CVE-2010-0628 - OpenCVE

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mit	Kerberos 5

Configuration 1 [-]

OR	cpe:2.3:a:mit:kerberos_5:1.7:::::::*
	cpe:2.3:a:mit:kerberos_5:1.7.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.8:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/39023
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
http://www.kb.cert.org/vuls/id/839413
http://www.securityfocus.com/archive/1/510281/100/0/threaded
http://www.securityfocus.com/bid/38904
http://www.ubuntu.com/usn/USN-916-1
https://bugzilla.redhat.com/show_bug.cgi?id=566258
https://nvd.nist.gov/vuln/detail/CVE-2010-0628
https://www.cve.org/CVERecord?id=CVE-2010-0628

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-03-25T22:00:00

Updated: 2024-08-07T00:52:19.631Z

Reserved: 2010-02-12T00:00:00

Link: CVE-2010-0628

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-03-25T22:30:00.500

Modified: 2020-01-21T15:45:54.570

Link: CVE-2010-0628

Redhat

Severity : Important

Publid Date: 2010-03-23T00:00:00Z

Links: CVE-2010-0628 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-916-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-916-1"}, {"name": "20100323 MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/510281/100/0/threaded"}, {"name": "38904", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38904"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566258"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt"}, {"name": "39023", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39023"}, {"name": "VU#839413", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/839413"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0628", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-916-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-916-1"}, {"name": "20100323 MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/510281/100/0/threaded"}, {"name": "38904", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38904"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=566258", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566258"}, {"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt"}, {"name": "39023", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39023"}, {"name": "VU#839413", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/839413"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:52:19.631Z"}, "title": "CVE Program Container", "references": [{"name": "USN-916-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-916-1"}, {"name": "20100323 MITKRB5-SA-2010-002 denial of service in SPNEGO [CVE-2010-0628 VU#839413]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/510281/100/0/threaded"}, {"name": "38904", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38904"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566258"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt"}, {"name": "39023", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39023"}, {"name": "VU#839413", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/839413"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0628", "datePublished": "2010-03-25T22:00:00", "dateReserved": "2010-02-12T00:00:00", "dateUpdated": "2024-08-07T00:52:19.631Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "36823B2B-5C72-4FF3-9301-FB263EB8CE09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token."}, {"lang": "es", "value": "La funci\u00f3n spnego_gss_accept_sec_context en lib/gssapi/SPNEGO/spnego_mech.c en la funcionalidad GSS-API de SPNEGO en MIT Kerberos 5 (alias krb5) v1.7 antes de v1.7.2 y v1.8 antes de v1.8.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo en una aserci\u00f3n y ca\u00edda del demonio) a trav\u00e9s de un paquete no v\u00e1lido que desencadena una incorrecta generaci\u00f3n de un token de error."}], "id": "CVE-2010-0628", "lastModified": "2020-01-21T15:45:54.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-03-25T22:30:00.500", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/39023"}, {"source": "cve@mitre.org", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/839413"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/510281/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/38904"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-916-1"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566258"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This flaw does not affect MIT krb5 as provided in Red Hat Enterprise Linux 3, 4, and 5.", "lastModified": "2010-03-26T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}