SB2013052206 - Input validation error in dbus (Alpine package)
Published: May 22, 2013
Security Bulletin ID
SB2013052206
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2002-2443)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=61b6c314dce6d6a6b5e2ce3e2bdd57d9d8824636
- https://git.alpinelinux.org/aports/commit/?id=f4815a09b6eee77917fc4aeb5a684f88e051022c
- https://git.alpinelinux.org/aports/commit/?id=a074fa6d38db3108ce263b63cdf22a8c88fe919a
- https://git.alpinelinux.org/aports/commit/?id=635b532cd2987f13c5a08db090d8a1c44650b1f3
- https://git.alpinelinux.org/aports/commit/?id=b318a59981c3e291a439fc9085f959761f77342d