CVE-2010-1324 — Kerberos 5 vulnerability

CWE-3108 documents8 sources

Severity

3.7LOWNVD

EPSS

3.5%

top 12.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedDec 2

Latest updateMay 2

Description

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

▶Debianmit/krb5< 1.8.3+dfsg-3+3

▶NVDmit/kerberos_56 versions+5

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-gg3r-9x7c-vmfm: MIT Kerberos 5 (aka krb5) 1↗2022-05-02

▶

OSV

CVE-2010-1324: MIT Kerberos 5 (aka krb5) 1↗2010-12-02

▶

CVEList

CVE-2010-1324: MIT Kerberos 5 (aka krb5) 1↗2010-12-02

▶

📋Vendor Advisories

Ubuntu

Kerberos vulnerabilities↗2010-12-09

▶

Red Hat

krb5: multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007)↗2010-11-30

▶

Debian

CVE-2010-1324: krb5 - MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determ...↗2010

▶

💬Community

Bugzilla

CVE-2010-1324 krb5: multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007)↗2010-11-01

▶