CVE-2010-1323 — Kerberos vulnerability

CWE-3109 documents9 sources

Severity

3.7LOWNVD

EPSS

4.7%

top 10.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos MIT Kerberos 5

Timeline

PublishedDec 2

Latest updateMay 2

Description

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages3 packages

▶Debianmit/krb5< 1.8.3+dfsg-3+3

▶NVDmit/kerberos5-1.5.4

▶NVDmit/kerberos_525 versions+24

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-j54m-cwfx-hj5g: MIT Kerberos 5 (aka krb5) 1↗2022-05-02

▶

OSV

CVE-2010-1323: MIT Kerberos 5 (aka krb5) 1↗2010-12-02

▶

CVEList

CVE-2010-1323: MIT Kerberos 5 (aka krb5) 1↗2010-12-02

▶

💥Exploits & PoCs

Exploit-DB

NetTerm NetFTPD - 'USER' Remote Buffer Overflow (Metasploit)↗2010-10-05

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2010-12-09

▶

Red Hat

krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)↗2010-11-30

▶

Debian

CVE-2010-1323: krb5 - MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1...↗2010

▶

💬Community

Bugzilla

CVE-2010-1323 krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)↗2010-11-01

▶