CVE-2010-1324 Information
Description
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Reference
http://kb.vmware.com/kb/1035108
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://marc.info/?l=bugtraq&m=129562442714657&w=2
http://osvdb.org/69609
http://secunia.com/advisories/42399
http://secunia.com/advisories/43015
http://support.apple.com/kb/HT4581
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.redhat.com/support/errata/RHSA-2010-0925.html
http://www.securityfocus.com/archive/1/514953/100/0/threaded
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.securityfocus.com/bid/45116
http://www.securitytracker.com/id?1024803
http://www.ubuntu.com/usn/USN-1030-1
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3095
http://www.vupen.com/english/advisories/2010/3118
http://www.vupen.com/english/advisories/2011/0187
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11936
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
3.7
Base Severity
LOW