Total vulnerabilities in the database
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
| Software | From | Fixed in |
|---|---|---|
| mit / kerberos_5 | - | 1.11.3 |
| opensuse / opensuse | 12.3 | 12.3.x |
| opensuse / opensuse | 11.4 | 11.4.x |
| opensuse / opensuse | 12.2 | 12.2.x |
| fedoraproject / fedora | 17 | 17.x |
| fedoraproject / fedora | 18 | 18.x |
| fedoraproject / fedora | 19 | 19.x |
| redhat / enterprise_linux_server | 5.0 | 5.0.x |
| redhat / enterprise_linux_workstation | 5.0 | 5.0.x |
| redhat / enterprise_linux_server_aus | 6.4 | 6.4.x |
| redhat / enterprise_linux_desktop | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 6.0 | 6.0.x |
| redhat / enterprise_linux_workstation | 6.0 | 6.0.x |
| redhat / enterprise_linux_desktop | 5.0 | 5.0.x |
| redhat / enterprise_linux_eus | 5.9 | 5.9.x |
| redhat / enterprise_linux_eus | 6.4 | 6.4.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 7.0 | 7.0.x |
| debian / debian_linux | 6.0 | 6.0.x |
| canonical / ubuntu_linux | 15.10 | 15.10.x |
| canonical / ubuntu_linux | 15.04 | 15.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |