CVE-2010-0629

Publication date 6 April 2010

Last updated 24 July 2024


Ubuntu priority

CVSS 3 Severity Score

6.5 · Medium

Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.

Status

Package   Ubuntu Release    Status
krb5      9.10 karmic       Not affected
          9.04 jaunty       Fixed 1.6.dfsg.4~beta1-5ubuntu2.3
          8.10 intrepid     Fixed 1.6.dfsg.4~beta1-3ubuntu0.4
          8.04 LTS hardy    Fixed 1.6.dfsg.3~beta1-2ubuntu1.4
          6.06 LTS dapper   Not affected

Patch details

For informational purposes only. We recommend not cherry-picking updates.

Package Patch details
krb5

Severity score breakdown

Parameter             Value
Base score            6.5 · Medium
Attack vector         Network
Attack complexity     Low
Privileges required   Low
User interaction      None
Scope                 Unchanged
Confidentiality       None
Integrity impact      None
Availability impact   High
Vector                CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-924-1: Kerberos vulnerabilities (7 April 2010)

Other references