CVE-2010-1324

Severity

43%

Complexity

86%

Confidentiality

48%

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

CVSS 3.0 Base Score 3.7. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

Type

Mit Kerberos 5

First reported 14 years ago

2010-12-02 16:22:00

Last updated 5 years ago

2020-01-21 15:46:00

Affected Software

Mit Kerberos 5 1.7

1.7

Mit Kerberos 5 1.7.1

1.7.1

Mit Kerberos 5 1.8

1.8

Mit Kerberos 5 1.8.1

1.8.1

Mit Kerberos 5 1.8.2

1.8.2

Mit Kerberos 5 1.8.3

1.8.3

References

http://kb.vmware.com/kb/1035108

APPLE-SA-2011-03-21-1

FEDORA-2010-18409

FEDORA-2010-18425

SUSE-SR:2010:023

SUSE-SR:2010:024

[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

HPSBUX02623

69609

42399

Vendor Advisory

43015

http://support.apple.com/kb/HT4581

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt

Vendor Advisory

MDVSA-2010:246

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Patch, Vendor Advisory

RHSA-2010:0925

20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]

20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console

45116

1024803

USN-1030-1

http://www.vmware.com/security/advisories/VMSA-2011-0007.html

ADV-2010-3094

ADV-2010-3095

ADV-2010-3118

ADV-2011-0187

oval:org.mitre.oval:def:11936

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.