CVE-2010-4022
Published: 2011-02-10
Priority: P4 · 24 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 3.65% (88.2th percentile)
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KDC) via unspecified vectors.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8.3+dfsg-5 (bookworm) | krb5 1.8.3+dfsg-5 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.8.3+dfsg-5 | 1.8.3+dfsg-5 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-5 | 1.8.3+dfsg-5 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-5 | 1.8.3+dfsg-5 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-5 | 1.8.3+dfsg-5 |
CVSS provenance
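| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |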
GHSA
GHSA-x83g-f3w6-mr3j: The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1
ghsa_unreviewed·2022-05-13
CVE-2010-4022 [MEDIUM] CWE-20 GHSA-x83g-f3w6-mr3j: The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1
OSV
CVE-2010-4022: The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1
osv·2011-02-10·CVSS 5.0
CVE-2010-4022 [MEDIUM] CVE-2010-4022: The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2011-02-15·CVSS 5.0
CVE-2010-4022 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Keiichi Mori discovered that the MIT krb5 KDC database propagation
daemon (kpropd) is vulnerable to a denial of service attack due
to improper logic when a worker child process exited because
of invalid network input. This could only occur when kpropd is
running in standalone mode; kpropd was not affected when running in
incremental propagation mode ("iprop") or as an inetd server. This
issue only affects Ubuntu 9.10, Ubuntu 10.04 LTS, and Ubuntu
10.10. (CVE-2010-4022)
Kevin Longfellow and others discovered that the MIT krb5 Key
Distribution Center (KDC) daemon is vulnerable to denial of service
attacks when using an LDAP back end due to improper handling of
network input. (CVE-2011-0281, CVE-2011-0282)
Instructions: In general, a standard system update w
Red Hat
krb5: kpropd unexpected termination on invalid input (MITKRB5-SA-2011-001)
vendor_redhat·2011-02-08·CVSS 5.0
CVE-2010-4022 [MEDIUM] krb5: kpropd unexpected termination on invalid input (MITKRB5-SA-2011-001)
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5 as the flaw was introduced in a later version of MIT krb5 (1.7).
Package: krb5 (Red Hat Enterprise Linux 4) - Not affected
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Red Hat
BIND upstream fix for CVE-2009-4022 is incomplete
vendor_redhat·2010-01-19·CVSS 2.6
CVE-2010-0290 [LOW] BIND upstream fix for CVE-2009-4022 is incomplete
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Red Hat
bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022
vendor_redhat·2010-01-19·CVSS 2.6
CVE-2010-0382 [LOW] bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Debian
CVE-2010-4022: krb5 - The do_standalone function in the MIT krb5 KDC database propagation daemon (kpro...
vendor_debian·2010·CVSS 5.0
CVE-2010-4022 [MEDIUM] CVE-2010-4022: krb5 - The do_standalone function in the MIT krb5 KDC database propagation daemon (kpro...
Scope: local
bookworm: resolved (fixed in 1.8.3+dfsg-5)
bullseye: resolved (fixed in 1.8.3+dfsg-5)
forky: resolved (fixed in 1.8.3+dfsg-5)
sid: resolved (fixed in 1.8.3+dfsg-5)
trixie: resolved (fixed in 1.8.3+dfsg-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 krb5 various flaws [fedora-all]
bugzilla·2011-02-08·CVSS 5.0
CVE-2010-4022 [MEDIUM] CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 krb5 various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=664009
Please note: this issue affects multiple
Bugzilla
CVE-2010-4022 krb5: kpropd unexpected termination on invalid input (MITKRB5-SA-2011-001)
bugzilla·2010-12-17·CVSS 5.0
CVE-2010-4022 [MEDIUM] CVE-2010-4022 krb5: kpropd unexpected termination on invalid input (MITKRB5-SA-2011-001)
A denial of service flaw was found in the way kpropd,
a Kerberos V5 slave KDC update server, processed certain
update requests for KDC database propagation. A remote,
unauthenticated user could use this flaw to cause kpropd
daemon to terminate (stop the Kerberos server replication
process).
Discussion:
This issue did NOT affect the versions of the krb5 package,
as shipped with Red Hat Enterprise Linux 4 and 5.
This issue affects the version of the krb5 package,
as shipped with Red Hat Enterprise Linux 6.
---
This issue is now public:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
---
Statement:
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise L
Bugzilla
CVE-2010-0382 bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022
bugzilla·2010-01-22·CVSS 2.6
CVE-2010-0382 [LOW] CVE-2010-0382 bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0382 to
the following vulnerability:
Name: CVE-2010-0382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382
Assigned: 20100122
Reference: CONFIRM: https://www.isc.org/advisories/CVE-2009-4022v6
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before
9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick
data accompanying a secure response without re-fetching from the
original source, which allows remote attackers to have an unspecified
impact via a crafted response, aka Bug 20819. NOTE: this vulnerability
exists because of a regression during the fix for CVE-2009-4022
Discussion:
I'
Bugzilla
CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete
bugzilla·2010-01-20·CVSS 2.6
CVE-2010-0290 [LOW] CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete
The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries.
Discussion:
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0062 https://rhn.redhat.com/errata/RHSA-2010-0062.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00004.html
http://secunia.com/advisories/43260
http://secunia.com/advisories/43275
http://securityreason.com/securityalert/8070
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2011:025
http://www.redhat.com/support/errata/RHSA-2011-0200.html
http://www.securityfocus.com/archive/1/516286/100/0/threaded
http://www.securityfocus.com/bid/46269
http://www.securitytracker.com/id?1025035
http://www.vupen.com/english/advisories/2011/0329
http://www.vupen.com/english/advisories/2011/0333
http://www.vupen.com/english/advisories/2011/0347
http://www.vupen.com/english/advisories/2011/0464