Sid 1-51212

Report a false positive

Rule Category

SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.

Alert Message

SERVER-OTHER MIT Kerberos kpasswd UDP denial of service attempt

Rule Explanation

This event is generated when a denial of service attempt against MIT Kerberos kpasswd over UDP is observed Impact: Detection of a Denial of Service Attack Details: Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

CVE-2002-2443

Additional Links

github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c#diff-c92d56b1257ce9528a3ed0256f76eb20

Rule Vulnerability

CVE Additional Information

CVE-2002-2443
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Details
SeverityMEDIUM Base Score5.0
Impact Score2.9 Exploit Score10.0
Confidentiality ImpactNONE Integrity ImpactNONE
Availability ImpactPARTIAL Access Vector
AuthenticationNONE Ease of Access

Affected Systems