3 The kpasswd service provided by kadmind was vulnerable to a UDP
4 "ping-pong" attack
[CVE
-2002-2443]. Don
't respond to packets unless
5 they pass some basic validation, and don't respond to our own error
8 Some authors use CVE
-1999-0103 to refer to the kpasswd UDP ping
-pong
9 attack
or UDP ping
-pong attacks in general
, but there is discussion
10 leading toward narrowing the definition of CVE
-1999-0103 to the echo
,
11 chargen
, or other similar built
-in inetd services
.
13 from https
://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
16 --- kadmin
/server
/schpw
.c
.orig
2013-05-13 22:31:47.496049500 +0000
17 +++ kadmin
/server
/schpw
.c
18 @@
-52,7 +52,7 @@
process_chpw_request(krb5_context contex
19 ret
= KRB5KRB_AP_ERR_MODIFIED
;
20 numresult
= KRB5_KPASSWD_MALFORMED
;
21 strlcpy(strresult
, "Request was truncated", sizeof(strresult
));
27 @@
-67,7 +67,7 @@
process_chpw_request(krb5_context contex
28 numresult
= KRB5_KPASSWD_MALFORMED
;
29 strlcpy(strresult
, "Request length was inconsistent",
35 /* verify version number */
36 @@
-80,7 +80,7 @@
process_chpw_request(krb5_context contex
37 numresult
= KRB5_KPASSWD_BAD_VERSION
;
38 snprintf(strresult
, sizeof(strresult
),
39 "Request contained unknown protocol version number %d", vno
);
44 /* read, check ap-req length */
45 @@
-93,7 +93,7 @@
process_chpw_request(krb5_context contex
46 numresult
= KRB5_KPASSWD_MALFORMED
;
47 strlcpy(strresult
, "Request was truncated in AP-REQ",