Giuseppe Iuculano
2010-Mar-28 20:59 UTC
[Secure-testing-team] Bug#575740: CVE-2010-0628 (MITKRB5-SA-2010-002)
Package: krb5
Version: 1.8+dfsg~alpha1-7
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for krb5.

CVE-2010-0628[0]:
| The spnego_gss_accept_sec_context function in
| lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in
| MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows
| remote attackers to cause a denial of service (assertion failure and
| daemon crash) via an invalid packet that triggers incorrect
| preparation of an error token.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628
    http://security-tracker.debian.org/tracker/CVE-2010-0628

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuvwzgACgkQNxpp46476apSagCfbj0ouyXv6uz8gDdtq9uYC+xm
PmYAoJcaMNl/MUL0640VxwW4yZByKIjq
=0mge
-----END PGP SIGNATURE-----