CVE-2000-0548

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html	Broken Link
http://ciac.llnl.gov/ciac/bulletins/k-051.shtml	Broken Link
http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt	Patch Vendor Advisory
http://www.cert.org/advisories/CA-2000-11.html	Third Party Advisory US Government Resource
http://www.osvdb.org/4875	Broken Link
http://www.redhat.com/support/errata/RHSA-2000-031.html	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cygnus_network_security_project:cygnus_network_security:-:::::::*
	cpe:2.3:a:kerbnet_project:kerbnet:-:::::::*
	cpe:2.3:a:mit:kerberos::::::::
	cpe:2.3:a:mit:kerberos:4.0:-::::::
	cpe:2.3:a:mit:kerberos:4.0:patch10::::::
	cpe:2.3:a:mit:kerberos_5::::::::
	cpe:2.3:a:mit:kerberos_5:1.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.1.1:::::::*

History

02 Feb 2021, 17:54

Type	Values Removed	Values Added
CPE	cpe:2.3:a:mit:kerberos_5:1.0:::::::* cpe:2.3:a:cygnus:cygnus_network_security:::::::: cpe:2.3:a:cygnus:kerbnet::::::::	cpe:2.3:a:kerbnet_project:kerbnet:-:::::::* cpe:2.3:a:mit:kerberos:4.0:patch10:::::: cpe:2.3:a:cygnus_network_security_project:cygnus_network_security:-:::::::* cpe:2.3:a:mit:kerberos_5:::::::: cpe:2.3:a:mit:kerberos:4.0:-::::::
References	~~(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html - Exploit, Patch, Vendor Advisory~~	(BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html - Broken Link
References	~~(OSVDB) http://www.osvdb.org/4875 -~~	(OSVDB) http://www.osvdb.org/4875 - Broken Link
References	~~(CONFIRM) http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt -~~	(CONFIRM) http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt - Patch, Vendor Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2000-031.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2000-031.html - Third Party Advisory
References	~~(CIAC) http://ciac.llnl.gov/ciac/bulletins/k-051.shtml -~~	(CIAC) http://ciac.llnl.gov/ciac/bulletins/k-051.shtml - Broken Link
References	~~(CERT) http://www.cert.org/advisories/CA-2000-11.html - Patch, Third Party Advisory, US Government Resource~~	(CERT) http://www.cert.org/advisories/CA-2000-11.html - Third Party Advisory, US Government Resource
CWE	~~NVD-CWE-Other~~	CWE-120

Information

Published : 2000-06-09 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2000-0548

Mitre link : CVE-2000-0548

CVE.ORG link : CVE-2000-0548

JSON object : View

Products Affected

mit

kerberos_5
kerberos

kerbnet_project

kerbnet

cygnus_network_security_project

cygnus_network_security

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

5.0 /10