Published: 19/05/2010 Updated: 02/02/2021

CVSS v2 Base Score: 6.8 | Impact Score: 6.9 | Exploitability Score: 8

VMScore: 605

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Subscribe to Mit

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) up to and including 1.7.1 and 1.8 prior to 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5
debian debian linux 5.0
debian debian linux 6.0
canonical ubuntu linux 6.06
canonical ubuntu linux 8.04
canonical ubuntu linux 9.04
canonical ubuntu linux 9.10
canonical ubuntu linux 10.04
oracle database server -
opensuse opensuse 11.0
opensuse opensuse 11.1
opensuse opensuse 11.2
opensuse opensuse 11.3
suse linux enterprise server 10
suse linux enterprise server 11
fedoraproject fedora 11
fedoraproject fedora 12
fedoraproject fedora 13

Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 4 Extras and 5 SupplementaryThe Red Hat Security Response Team has rated this update as having cri ...

Debian Bug report logs - #582261 krb5: CVE-2010-1321 GSS-API library null pointer dereference Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Sebastien Delafond <seb@debianorg> Date: Wed, 19 May 2010 14:33:01 UTC Severity: grave Tags: security Fixed in version krb5/18 ...

Unauthenticated remote attackers could cause Kerberos servers to crash, leading to a denial of service ...

An attacker could send crafted input to kadmind and cause it to crash ...

MIT Kerberos contains a vulnerability that could allow an authenticated, remote attacker to cause a denial of service (DoS) condition The vulnerability is in the GSS-API acceptor component due to lack of pointer validation  An authenticated, remote attacker could exploit the vulnerability by making a crafted request to the affected componen ...

CWE-476 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt http://www.mandriva.com/security/advisories?name=MDVSA-2010:100 http://www.redhat.com/support/errata/RHSA-2010-0423.html http://www.securityfocus.com/bid/40235 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html http://secunia.com/advisories/39762 http://osvdb.org/64744 http://secunia.com/advisories/39818 http://www.vupen.com/english/advisories/2010/1193 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html http://www.vupen.com/english/advisories/2010/1196 http://www.vupen.com/english/advisories/2010/1177 http://www.vupen.com/english/advisories/2010/1192 http://secunia.com/advisories/39784 http://secunia.com/advisories/39799 http://www.ubuntu.com/usn/USN-940-1 http://secunia.com/advisories/39849 http://www.vupen.com/english/advisories/2010/1222 http://www.debian.org/security/2010/dsa-2052 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://www.vupen.com/english/advisories/2010/1574 http://secunia.com/advisories/40346 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://www.ubuntu.com/usn/USN-940-2 http://www.vupen.com/english/advisories/2010/1882 http://secunia.com/advisories/40685 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://support.avaya.com/css/P8/documents/100114315 http://www.redhat.com/support/errata/RHSA-2010-0770.html http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html http://secunia.com/advisories/41967 http://www.redhat.com/support/errata/RHSA-2010-0807.html http://www.redhat.com/support/errata/RHSA-2010-0935.html http://www.redhat.com/support/errata/RHSA-2010-0873.html http://www.vupen.com/english/advisories/2010/3112 http://secunia.com/advisories/42432 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://www.redhat.com/support/errata/RHSA-2010-0987.html http://www.vupen.com/english/advisories/2011/0134 http://www.redhat.com/support/errata/RHSA-2011-0152.html http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://secunia.com/advisories/42974 http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://secunia.com/advisories/43335 http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://www.redhat.com/support/errata/RHSA-2011-0880.html http://www.us-cert.gov/cas/techalerts/TA11-201A.html http://secunia.com/advisories/44954 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604 http://www.securityfocus.com/archive/1/516397/100/0/threaded http://www.securityfocus.com/archive/1/511331/100/0/threaded https://access.redhat.com/errata/RHSA-2010:0770 https://usn.ubuntu.com/940-1/https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20100519-CVE-2010-1321

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook