CVE-2010-0628 — Reachable Assertion in Kerberos 5

CWE-617 — Reachable Assertion9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

0.9%

top 23.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedMar 25

Latest updateMay 2

Description

The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianmit/krb5< 1.8+dfsg-1.1+3

▶NVDmit/kerberos_51.7, 1.7.1, 1.8+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-fv95-xjj6-g8qc: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech↗2022-05-02

▶

CVEList

CVE-2010-0628: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech↗2010-03-25

▶

OSV

CVE-2010-0628: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech↗2010-03-25

▶

📋Vendor Advisories

Red Hat

krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)↗2010-03-23

▶

Ubuntu

Kerberos vulnerabilities↗2010-03-23

▶

Debian

CVE-2010-0628: krb5 - The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in...↗2010

▶

💬Community

Bugzilla

CVE-2010-2811 vdsm: SSL accept() blocks on a non-blocking Connection↗2010-08-10

▶

Bugzilla

CVE-2010-0628 krb5: Assertion failure in GSSAPI SPNEGO mechanism (MITKRB5-SA-2010-002)↗2010-02-17

▶