CVE-2010-1324

Published: 02/12/2010 Updated: 21/01/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 3.7 | Impact Score: 1.4 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x up to and including 1.8.3 does not properly determine the acceptability of checksums, which might allow remote malicious users to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

Vulnerable Product

mit kerberos 5 1.8.3

mit kerberos 5 1.8.1

mit kerberos 5 1.7.1

mit kerberos 5 1.7

mit kerberos 5 1.8.2

mit kerberos 5 1.8

Vendor Advisories

It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message (CVE-2010-1323) ...

References

CWE-310

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt

http://www.mandriva.com/security/advisories?name=MDVSA-2010:246

http://secunia.com/advisories/42399

http://www.securityfocus.com/bid/45116

http://osvdb.org/69609

http://www.redhat.com/support/errata/RHSA-2010-0925.html

http://www.vupen.com/english/advisories/2010/3118

http://www.vupen.com/english/advisories/2010/3095

http://www.vupen.com/english/advisories/2010/3094

http://www.securitytracker.com/id?1024803

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html

http://www.ubuntu.com/usn/USN-1030-1

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://marc.info/?l=bugtraq&m=129562442714657&w=2

http://secunia.com/advisories/43015

http://www.vupen.com/english/advisories/2011/0187

http://support.apple.com/kb/HT4581

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://www.vmware.com/security/advisories/VMSA-2011-0007.html

http://kb.vmware.com/kb/1035108

http://lists.vmware.com/pipermail/security-announce/2011/000133.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936

http://www.securityfocus.com/archive/1/517739/100/0/threaded

http://www.securityfocus.com/archive/1/514953/100/0/threaded

https://usn.ubuntu.com/1030-1/

https://nvd.nist.gov