- Description
- The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.3
- Impact score
- 6.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:N/A:C
- Hype score
- Not currently trending
- Comment
- -
- Impact
- Per: http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx "This vulnerability only affects domain controllers. Servers that do not perform the role of domain controllers are not affected."
- Solution
- Per: http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx "This vulnerability only affects domain controllers. Servers that do not perform the role of domain controllers are not affected."
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D3B5E4F-56A6-4696-BBB4-19DF3613D020"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFF81F4B-7D92-4398-8658-84530FB8F518"
}
],
"operator": "OR"
}
]
}
]