ByteOS Network

Source-cve@mitre.org

Published At-02 Apr, 2003 | 05:00

Updated At-03 Apr, 2025 | 01:03

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

MIT (Massachusetts Institute of Technology)

>>kerberos>>1.0

cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos>>1.2.2.beta1

cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.0.6

cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.1

cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.1.1

cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.2

cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.2.1

cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.2.2

cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.2.3

cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.2.4

cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.2.5

cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.2.6

cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.2.7

cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*

MIT (Massachusetts Institute of Technology)

>>kerberos_5>>1.3

cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1	cve@mitre.org	N/A
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt	cve@mitre.org	Patch Vendor Advisory
http://www.debian.org/security/2003/dsa-266	cve@mitre.org	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-051.html	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2003-052.html	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/316960/30/25250/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/7184	cve@mitre.org	N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1	af854a3a-2127-422b-91ae-364da2661108	N/A
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.debian.org/security/2003/dsa-266	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-051.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.redhat.com/support/errata/RHSA-2003-052.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/316960/30/25250/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/7184	af854a3a-2127-422b-91ae-364da2661108	N/A