schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
2013-05-29T14:29:06.287
2025-04-11T00:51:21.963
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | mit | kerberos_5 | < 1.11.3 | Yes |
| Operating System | opensuse | opensuse | 11.4 | Yes |
| Operating System | opensuse | opensuse | 12.2 | Yes |
| Operating System | opensuse | opensuse | 12.3 | Yes |
| Operating System | fedoraproject | fedora | 17 | Yes |
| Operating System | fedoraproject | fedora | 18 | Yes |
| Operating System | fedoraproject | fedora | 19 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 5.9 | Yes |
| Operating System | redhat | enterprise_linux_eus | 6.4 | Yes |
| Operating System | redhat | enterprise_linux_server | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 6.4 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |
| Operating System | debian | debian_linux | 6.0 | Yes |
| Operating System | debian | debian_linux | 7.0 | Yes |
| Operating System | debian | debian_linux | 8.0 | Yes |
| Operating System | canonical | ubuntu_linux | 12.04 | Yes |
| Operating System | canonical | ubuntu_linux | 14.04 | Yes |
| Operating System | canonical | ubuntu_linux | 15.04 | Yes |
| Operating System | canonical | ubuntu_linux | 15.10 | Yes |