CVE-2010-0283
Published: 2010-02-22
CVE-2010-0283: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion…
Priority: P430 · Severity: high · CVSS 2.0: 7.8
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS: 2.43% (82.2nd percentile)
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8+dfsg~alpha1-7 (bookworm) | krb5 1.8+dfsg~alpha1-7 (bookworm) |
| mit | kerberos | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-7 | 1.8+dfsg~alpha1-7 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-7 | 1.8+dfsg~alpha1-7 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-7 | 1.8+dfsg~alpha1-7 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-7 | 1.8+dfsg~alpha1-7 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |
Red Hat
kernel: possible kernel oops from user MSS
vendor_redhat·2010-11-10·CVSS 4.9
CVE-2010-4165 [MEDIUM] kernel: possible kernel oops from user MSS
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0283.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2010-03-23·CVSS 7.8
CVE-2010-0283 [HIGH] Kerberos vulnerabilities
Emmanuel Bouillon discovered that Kerberos did not correctly handle certain message types. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC to crash, leading to a denial of service. (CVE-2010-0283)
Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz discovered that Kerberos did not correctly handle certain GSS packets. An unauthenticated remote attacker could send specially crafted traffic that would cause services using GSS-API to crash, leading to a denial of service. (CVE-2010-0628)
Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.
Red Hat
krb5 KDC denial of service
vendor_redhat·2010-02-16·CVSS 7.8
CVE-2010-0283 [HIGH] CWE-617 krb5 KDC denial of service
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
Statement: Not vulnerable. This issue did not affect the versions of MIT Kerberos 5 as shipped with Red Hat Enterprise Linux 3, 4 or 5. Those versions do not contain the vulnerable code that was introduced in krb5 1.7.
Debian
CVE-2010-0283: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2,...
vendor_debian·2010·CVSS 7.8
CVE-2010-0283 [HIGH] CVE-2010-0283: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2,...
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
Scope: local
bookworm: resolved (fixed in 1.8+dfsg~alpha1-7)
bullseye: resolved (fixed in 1.8+dfsg~alpha1-7)
forky: resolved (fixed in 1.8+dfsg~alpha1-7)
sid: resolved (fixed in 1.8+dfsg~alpha1-7)
trixie: resolved (fixed in 1.8+dfsg~alpha1-7)
VulDB
MIT Kerberos 5-1.7/5-1.7.1/5-1.8 Key Distribution Center input validation (Nessus ID 45571 / ID 165243)
vuldb·2026-05-01·CVSS 7.8
CVE-2010-0283 [HIGH] MIT Kerberos 5-1.7/5-1.7.1/5-1.8 Key Distribution Center input validation (Nessus ID 45571 / ID 165243)
A vulnerability was found in MIT Kerberos 5-1.7/5-1.7.1/5-1.8 and classified as problematic. The impacted element is an unknown function of the component Key Distribution Center. Executing a manipulation can lead to improper input validation.
This vulnerability is handled as CVE-2010-0283. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-jwfx-h8qj-v94c: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
ghsa_unreviewed·2022-05-02
CVE-2010-0283 [HIGH] CWE-20 GHSA-jwfx-h8qj-v94c: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
OSV
CVE-2010-0283: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
osv·2010-02-22·CVSS 7.8
CVE-2010-0283 [HIGH] CVE-2010-0283: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
No detection rules found.
No public exploits indexed.
References:
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035222.html
http://secunia.com/advisories/38598
http://secunia.com/advisories/39023
http://secunia.com/advisories/40220
http://securitytracker.com/id?1023593
http://support.apple.com/kb/HT4188
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
http://www.securityfocus.com/archive/1/509553/100/0/threaded
http://www.securityfocus.com/bid/38260
http://www.ubuntu.com/usn/USN-916-1
http://www.vupen.com/english/advisories/2010/1481