cpe:/a:mit:kerberos:5-1.11.2 CVE-2002-2443 2013-05-29T10:29:06.287-04:00 2016-12-06T21:59:03.717-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2013-05-29T13:05:00.000-04:00 DEBIAN DSA-2701 FEDORA FEDORA-2013-8113 FEDORA FEDORA-2013-8212 FEDORA FEDORA-2013-8219 MANDRIVA MDVSA-2013:166 REDHAT RHSA-2013:0942 UBUNTU USN-2810-1 CONFIRM http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=962531 CONFIRM https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c SUSE openSUSE-SU-2013:1119 SUSE openSUSE-SU-2013:1122 schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.