CVE-2003-0082 | Vulnerability Database | Aqua Security

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka buffer underrun).

Affected Software

Name	Vendor	Start Version	End Version
Kerberos	Mit	1.0 (including)	1.0 (including)
Kerberos	Mit	1.2.2.beta1 (including)	1.2.2.beta1 (including)
Kerberos_5	Mit	1.0.6 (including)	1.0.6 (including)
Kerberos_5	Mit	1.1 (including)	1.1 (including)
Kerberos_5	Mit	1.1.1 (including)	1.1.1 (including)
Kerberos_5	Mit	1.2 (including)	1.2 (including)
Kerberos_5	Mit	1.2.1 (including)	1.2.1 (including)
Kerberos_5	Mit	1.2.2 (including)	1.2.2 (including)
Kerberos_5	Mit	1.2.3 (including)	1.2.3 (including)
Kerberos_5	Mit	1.2.4 (including)	1.2.4 (including)
Kerberos_5	Mit	1.2.5 (including)	1.2.5 (including)
Kerberos_5	Mit	1.2.6 (including)	1.2.6 (including)
Kerberos_5	Mit	1.2.7 (including)	1.2.7 (including)
Kerberos_5	Mit	1.3-alpha1 (including)	1.3-alpha1 (including)

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
http://www.debian.org/security/2003/dsa-266
http://www.redhat.com/support/errata/RHSA-2003-051.html
http://www.redhat.com/support/errata/RHSA-2003-052.html
http://www.redhat.com/support/errata/RHSA-2003-091.html
http://www.securityfocus.com/archive/1/316960/30/25250/threaded
http://www.securityfocus.com/bid/7185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0082
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html