FKIE_CVE-2010-1324

Vulnerability from fkie_nvd - Published: 2010-12-02 16:22 - Updated: 2025-04-11 00:51
Severity ?
3.7 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
References
cve@mitre.orghttp://kb.vmware.com/kb/1035108
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
cve@mitre.orghttp://lists.vmware.com/pipermail/security-announce/2011/000133.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=129562442714657&w=2
cve@mitre.orghttp://osvdb.org/69609
cve@mitre.orghttp://secunia.com/advisories/42399Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/43015
cve@mitre.orghttp://support.apple.com/kb/HT4581
cve@mitre.orghttp://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txtVendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:246
cve@mitre.orghttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2010-0925.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/514953/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/517739/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/45116
cve@mitre.orghttp://www.securitytracker.com/id?1024803
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1030-1
cve@mitre.orghttp://www.vmware.com/security/advisories/VMSA-2011-0007.html
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/3094
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/3095
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/3118
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0187
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
af854a3a-2127-422b-91ae-364da2661108http://kb.vmware.com/kb/1035108
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2011/000133.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=129562442714657&w=2
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/69609
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42399Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43015
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4581
af854a3a-2127-422b-91ae-364da2661108http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0925.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/514953/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/517739/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/45116
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024803
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1030-1
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2011-0007.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3094
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3095
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/3118
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0187
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
Impacted products
Vendor Product Version
mit kerberos_5 1.7
mit kerberos_5 1.7.1
mit kerberos_5 1.8
mit kerberos_5 1.8.1
mit kerberos_5 1.8.2
mit kerberos_5 1.8.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "36823B2B-5C72-4FF3-9301-FB263EB8CE09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59AFA33E-FEBC-45F5-9EC6-8AA363163FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D83332-B2FD-4E86-A76C-C3F1CD3B3A31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "758A0011-20ED-414A-9DF3-50A161DF8BC2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key."
    },
    {
      "lang": "es",
      "value": "MIT Kerberos 5 (tambi\u00e9n conocido como krb5)  v1.7.x y v1.8.x hasta v1.8.3 no determina correctamente la aceptabilidad de las sumas de comprobaci\u00f3n, lo que podr\u00eda permitir a un atacante remoto falsificar GSS tokens, ganar privilegios, o tener otro impacto no especificado mediante (1) una suma de comprobaci\u00f3n sin clave, (2) una suma de comprobaci\u00f3n PAC sin clave o (3) una suma de comprobaci\u00f3n KrbFastArmoredReq basada en una clave de RC4."
    }
  ],
  "id": "CVE-2010-1324",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2010-12-02T16:22:20.880",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://kb.vmware.com/kb/1035108"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/69609"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42399"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43015"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4581"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/45116"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1024803"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1030-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/3094"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/3095"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2010/3118"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0187"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kb.vmware.com/kb/1035108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=129562442714657\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/69609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/42399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/45116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1030-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/3118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.