CVE-2010-4022 — Improper Input Validation in Kerberos 5
Severity: 5.0 MEDIUM (NVD)
EPSS: 9.0% (top 7.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Feb 10; Latest update May 13
Description
The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle the case where a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in the slave KDC) via unspecified vectors.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P (Exploitability: 10.0 | Impact: 2.9)
Affected Packages: 2 packages
Patches
🔴 Vulnerability Details
GHSA (3): GHSA-x83g-f3w6-mr3j: The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1 (2022-05-13)
CVEList: CVE-2010-4022: The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1 (2011-02-10)
OSV: CVE-2010-4022: The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1 (2011-02-10)
📋 Vendor Advisories
Red Hat (5)
Debian: CVE-2010-4022: krb5 - The do_standalone function in the MIT krb5 KDC database propagation daemon (kpro... (2010)
💬 Community
Bugzilla (4)
Bugzilla: CVE-2010-0382 bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022 (2010-01-22)