CVE-2002-2443
Published 2013-05-29
Priority: P4 · 29 · medium · CVSS 2.0 score 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 6.49% (92.9th percentile)
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | krb5 | < krb5 1.10.1+dfsg-6 (bookworm) | krb5 1.10.1+dfsg-6 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| mit | kerberos_5 | < 1.11.3 | 1.11.3 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-6 | 1.10.1+dfsg-6 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-6 | 1.10.1+dfsg-6 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-6 | 1.10.1+dfsg-6 |
| mit | krb5 | >= 0 < 1.10.1+dfsg-6 | 1.10.1+dfsg-6 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.2 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
CVSS provenance
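| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |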
GHSA
GHSA-cqf2-6q6w-6cqw: schpw
ghsa_unreviewed·2022-04-30·CVSS 5.0
CVE-2002-2443 [MEDIUM] CWE-20 GHSA-cqf2-6q6w-6cqw: schpw
OSV
krb5 vulnerabilities
osv·2015-11-12·CVSS 5.0
It was discovered that the Kerberos kpasswd service incorrectly handled
certain UDP packets. A remote attacker could possibly use this issue to
cause resource consumption, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
It was discovered that Kerberos incorrectly handled null bytes in certain
data fields. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-5355)
It was discovered that the Kerberos kdcpreauth modules incorrectly tracked
certain client requests. A remote attacker could possibly use this issue
to bypass intended preauthentication requirements. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-20
OSV
CVE-2002-2443: schpw
osv·2013-05-29·CVSS 5.0
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2015-11-12·CVSS 5.0
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that the Kerberos kpasswd service incorrectly handled
certain UDP packets. A remote attacker could possibly use this issue to
cause resource consumption, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
It was discovered that Kerberos incorrectly handled null bytes in certain
data fields. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-5355)
It was discovered that the Kerberos kdcpreauth modules incorrectly tracked
certain client requests. A remote attacker could possibly use this issue
to bypass intended preauthentication requirements
Red Hat
krb5: UDP ping-pong flaw in kpasswd
vendor_redhat·2002-06-16·CVSS 5.0
Debian
CVE-2002-2443: krb5 - schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1....
vendor_debian·2002·CVSS 5.0
Scope: local
bookworm: resolved (fixed in 1.10.1+dfsg-6)
bullseye: resolved (fixed in 1.10.1+dfsg-6)
forky: resolved (fixed in 1.10.1+dfsg-6)
sid: resolved (fixed in 1.10.1+dfsg-6)
trixie: resolved (fixed in 1.10.1+dfsg-6)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2002-2443 krb5: UDP ping-pong flaw in kpasswd
bugzilla·2013-05-13·CVSS 5.0
A flaw in certain programs that handle UDP traffic was discovered and assigned the name CVE-1999-0103 (that CVE specifically mentions echo and chargen as vulnerable). In 2002, a Nessus plugin was included [1] that references this CVE name, but was for the kpasswd service. Until recently, this issue had not been reported upstream. This issue has since been reported upstream [2] and is now fixed [3].
If a malicious remote user were to spoof their IP address to that of another server running kadmind with the password change port (kpasswd, port 464) (or to the target server's IP address itself), kpasswd will pass UDP packets to the spoofed address and reply each time. This can be used to consume bandwidth and CPU on the affected servers runnin
Bugzilla
CVE-2002-2443 krb5: UDP ping-pong flaw in kpasswd [fedora-all]
bugzilla·2013-05-13·CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple s
References
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105879.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105978.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106698.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-07/msg00007.html
http://rhn.redhat.com/errata/RHSA-2013-0942.html
http://www.debian.org/security/2013/dsa-2701
http://www.mandriva.com/security/advisories?name=MDVSA-2013:166
http://www.ubuntu.com/usn/USN-2810-1
https://bugzilla.redhat.com/show_bug.cgi?id=962531
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c