CVE-2010-0628
published 2010-03-25CVE-2010-0628: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2…
PriorityP424medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
3.33%
87.1th percentile
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8+dfsg-1.1 (bookworm) | krb5 1.8+dfsg-1.1 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.8+dfsg-1.1 | 1.8+dfsg-1.1 |
| mit | krb5 | >= 0 < 1.8+dfsg-1.1 | 1.8+dfsg-1.1 |
| mit | krb5 | >= 0 < 1.8+dfsg-1.1 | 1.8+dfsg-1.1 |
| mit | krb5 | >= 0 < 1.8+dfsg-1.1 | 1.8+dfsg-1.1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_ubuntu7.8HIGH
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)
vendor_redhat·2010-03-23·CVSS 5.0
CVE-2010-0628 [MEDIUM] CWE-617 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)
krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
Statement: Not vulnerable. This flaw does not affect MIT krb5 as provided in Red Hat Enterprise Linux 3, 4, and 5.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2010-03-23·CVSS 7.8
CVE-2010-0283 [HIGH] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Kerberos vulnerabilities
Emmanuel Bouillon discovered that Kerberos did not correctly handle
certain message types. An unauthenticated remote attacker could send
specially crafted traffic to cause the KDC to crash, leading to a denial
of service. (CVE-2010-0283)
Nalin Dahyabhai, Jan iankko Lieskovsky, and Zbysek Mraz discovered
that Kerberos did not correctly handle certain GSS packets. An
unauthenticated remote attacker could send specially crafted traffic
that would cause services using GSS-API to crash, leading to a denial
of service. (CVE-2010-0628)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Debian
CVE-2010-0628: krb5 - The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in...
vendor_debian·2010·CVSS 5.0
CVE-2010-0628 [MEDIUM] CVE-2010-0628: krb5 - The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in...
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
Scope: local
bookworm: resolved (fixed in 1.8+dfsg-1.1)
bullseye: resolved (fixed in 1.8+dfsg-1.1)
forky: resolved (fixed in 1.8+dfsg-1.1)
sid: resolved (fixed in 1.8+dfsg-1.1)
trixie: resolved (fixed in 1.8+dfsg-1.1)
GHSA
GHSA-fv95-xjj6-g8qc: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech
ghsa_unreviewed·2022-05-02
CVE-2010-0628 [MEDIUM] GHSA-fv95-xjj6-g8qc: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
OSV
CVE-2010-0628: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech
osv·2010-03-25·CVSS 5.0
CVE-2010-0628 [MEDIUM] CVE-2010-0628: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2811 vdsm: SSL accept() blocks on a non-blocking Connection
bugzilla·2010-08-10·CVSS 5.7
CVE-2010-2811 [MEDIUM] CVE-2010-2811 vdsm: SSL accept() blocks on a non-blocking Connection
CVE-2010-2811 vdsm: SSL accept() blocks on a non-blocking Connection
It was found that VDSM did accept SSL connection in a flawed way. A malicious client could use this flaw to stop VDSM from accepting new connections (denial of service).
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Virtualization for RHEL-5
Via RHSA-2010:0628 https://rhn.redhat.com/errata/RHSA-2010-0628.html
---
This issue has been addressed in following products:
Red Hat Enterprise Virtualization for RHEL-5
Via RHSA-2010:0622 https://rhn.redhat.com/errata/RHSA-2010-0622.html
Bugzilla
CVE-2010-0628 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)
bugzilla·2010-02-17·CVSS 5.0
CVE-2010-0628 [MEDIUM] CVE-2010-0628 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)
CVE-2010-0628 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)
A denial of service flaw was found in Kerberos's GSS-API spnego
security mechanism implementation. A remote attacker could use
this flaw to cause gss-server crash via invalid ContextFlags
for the reqFlags field in the NegTokenInit in spnego_mech.c,
which triggers an assertion failure. Similar vulnerability than
CVE-2009-0845.
PGP-signed patch from upstream will be available at:
http://web.mit.edu/kerberos/advisories/2010-002-patch.txt.asc
Discussion:
This issue does NOT affect the versions of the krb5-workstation
package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
This issue does NOT affect the version of the krb5-workstation-servers
package, as shipped with Fedora release of 11.
This is
http://secunia.com/advisories/39023http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txthttp://www.kb.cert.org/vuls/id/839413http://www.securityfocus.com/archive/1/510281/100/0/threadedhttp://www.securityfocus.com/bid/38904http://www.ubuntu.com/usn/USN-916-1https://bugzilla.redhat.com/show_bug.cgi?id=566258http://secunia.com/advisories/39023http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txthttp://www.kb.cert.org/vuls/id/839413http://www.securityfocus.com/archive/1/510281/100/0/threadedhttp://www.securityfocus.com/bid/38904http://www.ubuntu.com/usn/USN-916-1https://bugzilla.redhat.com/show_bug.cgi?id=566258
2010-03-25
Published