CVE-2002-2443

Publication date 10 May 2013

Last updated 24 July 2024

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
krb5	15.10 wily	Not affected
	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Fixed 1.10+dfsg~beta1-2ubuntu0.7
	10.04 LTS lucid	Ignored

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2810-1
Kerberos vulnerabilities
12 November 2015

Other references

https://www.cve.org/CVERecord?id=CVE-2002-2443