ubuntu · CVE-2002-2443

Quick triage

Priority: low
Published: 2013-05-10 00:00:00 UTC
Updated: 2024-07-24 15:57:39 UTC

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2002-2443, low priority: Ubuntu tracks 1 source package (krb5), with 7 status rows across 7 suites (lucid, precise, trusty, upstream, utopic, vivid, wily): not-affected 4, released 2, ignored 1.

Description:

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

cvelogic Threat Intelligence