schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
{ "binaries": [ { "binary_name": "krb5-admin-server", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-doc", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-gss-samples", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-kdc", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-kdc-ldap", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-locales", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-multidev", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-pkinit", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "krb5-user", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libgssapi-krb5-2", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libgssrpc4", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libk5crypto3", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkadm5clnt-mit8", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkadm5srv-mit8", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkdb5-7", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkrb5-3", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkrb5-dbg", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkrb5-dev", "binary_version": "1.11.3+dfsg-3ubuntu2" }, { "binary_name": "libkrb5support0", "binary_version": "1.11.3+dfsg-3ubuntu2" } ], "availability": "No subscription required", "ubuntu_priority": "low" }