CVE-2010-1321 — NULL Pointer Dereference in Kerberos 5
Severity
6.8MEDIUMNVD
EPSS
1.9%
top 16.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 19
Latest updateMay 2
Description
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
CVSS vector
AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9
Affected Packages5 packages
Also affects: Debian Linux 5.0, 6.0, Fedora 11, 12, 13, Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10