CVE-2010-4022

Publication date 10 February 2011

Last updated 24 July 2024

Ubuntu priority

The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process "exits abnormally," which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
krb5	10.10 maverick	Fixed 1.8.1+dfsg-5ubuntu0.4
	10.04 LTS lucid	Fixed 1.8.1+dfsg-2ubuntu0.6
	9.10 karmic	Fixed 1.7dfsg~beta3-1ubuntu0.9
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1062-1
Kerberos vulnerabilities
15 February 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2010-4022