Kerberos < krb5-1.11.3 CVE-2002-2443
A flaw in certain programs that handle UDP traffic was discovered and
assigned the name CVE-1999-0103 (that CVE specifically mentions echo
and
chargen as vulnerable). In 2002, a Nessus plugin was included [1]
that
reference this CVE name, but was for the kpasswd service. Until
recently, this issue had not been reported upstream. This issue has
since been reported upstream [2] and is now fixed [3].
If a malicious remote user were to spoof their IP address to that of
another server running kadmind with the password change port (kpasswd,
port 464), or to the target server’s IP address itself), kpasswd will
pass UDP packets to the spoofed address and reply each time. This can
be used to consume bandwidth and CPU on the affected servers running
kadmind.
This should be fixed in the for krb5-1.11.3 release.
[1] http://marc.info/?l=nessus&m=102418951803893&w=2
[2] http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
[3]
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
After discussing with upstream and MITRE, it was decided that this
issue
needed its own CVE name, so it was assigned CVE-2002-2443.
(from redmine: issue id 1927, created on 2013-05-21, closed on 2013-05-27)
- Relations:
- child #1928 (closed)
- Changesets:
- Revision b318a599 by Natanael Copa on 2013-05-22T09:39:05Z:
main/krb5: security fix (CVE-2002-2443)
ref #1927
fixes #1928