CVE-2003-0058 — Kerberos 5 vulnerability

7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

19.3%

top 4.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5 SUN Enterprise Authentication Mechanism +2 more

Timeline

PublishedFeb 19

Latest updateApr 29

Description

MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDmit/kerberos_54 versions+3

▶Debianmit/krb5< 1.2.5-1+3

▶NVDsun/sunos5.8

▶NVDsun/solaris8.0, 9.0+1

▶NVDsun/enterprise_authentication_mechanism1.0

Patches

Patch: web.mit.edu ↗Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mfh7-xj2q-5w6v: MIT Kerberos V5 Key Distribution Center (KDC) before 1↗2022-04-29

▶

CVEList

CVE-2003-0058: MIT Kerberos V5 Key Distribution Center (KDC) before 1↗2004-09-01

▶

OSV

CVE-2003-0058: MIT Kerberos V5 Key Distribution Center (KDC) before 1↗2003-02-19

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-01-28

▶

Debian

CVE-2003-0058: krb5 - MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authent...↗2003

▶

💬Community

Bugzilla

CVE-2003-0058 security flaw↗2018-08-16

▶