Fix kpasswd UDP ping-pong [CVE-2002-2443] The kpasswd service provided by kadmind was vulnerable to a UDP "ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless they pass some basic validation, and don't respond to our own error packets. Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong attack or UDP ping-pong attacks in general, but there is discussion leading toward narrowing the definition of CVE-1999-0103 to the echo, chargen, or other similar built-in inetd services. Thanks to Vincent Danen for alerting us to this issue. CVSSv2: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C (cherry picked from commit cf1a0c411b2668c57c41e9c4efd15ba17b6b322c) https://github.com/krb5/krb5/commit/a273b12e3fe8678d7bf3c3c4f39d3f08a192a720 Author: Tom Yu Commit: a273b12e3fe8678d7bf3c3c4f39d3f08a192a720 Branch: krb5-1.10 src/kadmin/server/schpw.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-)