CVE-2010-4022

krb5: kpropd unexpected termination on invalid input (MITKRB5-SA-2011-001)

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.

La función do_standalone en MIT krb5 KDC del demonio de propagación de la base de datos (kpropd) en Kerberos v1.7, v1.8 y v1.9, cuando se ejecuta en modo autónomo, no maneja adecuadamente cuando un proceso hijo en funcionamiento "finaliza anormalmente", lo que permite a atacantes remotos provocar una denegación de servicio (finalización de la escucha de procesos, sin nuevas conexiones y una falta de actualizaciones en el KVC esclavo) a través de vectores no especificados.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-10-20 CVE Reserved
2011-02-10 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (16)

URL	Tag	Source
http://securityreason.com/securityalert/8070	Third Party Advisory
http://www.securityfocus.com/archive/1/516286/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/46269	Vdb Entry
http://www.securitytracker.com/id?1025035	Vdb Entry
http://www.vupen.com/english/advisories/2011/0464	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt	2020-01-21

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html	2020-01-21
http://secunia.com/advisories/43260	2020-01-21
http://secunia.com/advisories/43275	2020-01-21
http://www.mandriva.com/security/advisories?name=MDVSA-2011:025	2020-01-21
http://www.redhat.com/support/errata/RHSA-2011-0200.html	2020-01-21
http://www.vupen.com/english/advisories/2011/0329	2020-01-21
http://www.vupen.com/english/advisories/2011/0333	2020-01-21
http://www.vupen.com/english/advisories/2011/0347	2020-01-21
https://access.redhat.com/security/cve/CVE-2010-4022	2011-02-08
https://bugzilla.redhat.com/show_bug.cgi?id=664009	2011-02-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.7 Search vendor "Mit" for product "Kerberos 5" and version "1.7"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.8 Search vendor "Mit" for product "Kerberos 5" and version "1.8"		-		Affected
Mit Search vendor "Mit"		Kerberos 5 Search vendor "Mit" for product "Kerberos 5"				1.9 Search vendor "Mit" for product "Kerberos 5" and version "1.9"		-		Affected