CVE-2010-1324

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
References
Link Resource
http://kb.vmware.com/kb/1035108
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://marc.info/?l=bugtraq&m=129562442714657&w=2
http://osvdb.org/69609
http://secunia.com/advisories/42399 Vendor Advisory
http://secunia.com/advisories/43015
http://support.apple.com/kb/HT4581
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0925.html
http://www.securityfocus.com/archive/1/514953/100/0/threaded
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.securityfocus.com/bid/45116
http://www.securitytracker.com/id?1024803
http://www.ubuntu.com/usn/USN-1030-1
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3095
http://www.vupen.com/english/advisories/2010/3118
http://www.vupen.com/english/advisories/2011/0187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
Configurations

Configuration 1

OR cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*

History

21 Nov 2024, 01:14


Information

Published : 2010-12-02 16:22

Updated : 2024-11-21 01:14


NVD link : CVE-2010-1324

Mitre link : CVE-2010-1324

CVE.ORG link : CVE-2010-1324



Products Affected

mit

  • kerberos_5

CWE
CWE-310

Cryptographic Issues