CVE-2010-4020
Published 2010-12-02
Priority: P335 · medium · 6.3 (CVSS 3.0)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:L / I:L / A:L
EPSS: 1.92% (77.3th percentile)
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8.3+dfsg-3 (bookworm) | krb5 1.8.3+dfsg-3 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.8.3+dfsg-3 | 1.8.3+dfsg-3 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-3 | 1.8.3+dfsg-3 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-3 | 1.8.3+dfsg-3 |
| mit | krb5 | >= 0 < 1.8.3+dfsg-3 | 1.8.3+dfsg-3 |
| vmware | vmware_esxi | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
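| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 6.3 | MEDIUM | — |
| vendor_debian | — | 6.3 | MEDIUM | — |
| vendor_redhat | — | 6.3 | MEDIUM | — |
| vendor_ubuntu | — | 3.7 | LOW | — |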
VMware
VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
vendor_vmware·2011-04-28·CVSS 7.8
CVE-2010-1323 [HIGH] VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
VMSA-2011-0007: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
a. ESX/ESXi Socket Exhaustion
By sending malicious network traffic to an ESXi or ESX host an attacker could exhaust the available sockets which would prevent further connections to the host. In the event a host becomes inaccessible its virtual machines will continue to run and have network connectivity but a reboot of the ESXi or ESX host may be required in order to be able to connect to the host again.
ESXi and ESX hosts may intermittently lose connectivity caused by applications that do not correctly close sockets. If this occurs an error message similar to the following may be written to the vpxa log:
socket() returns -1 (Cannot allocate memory)
An error message
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2010-12-09·CVSS 3.7
CVE-2010-1323 [LOW] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
It was discovered that Kerberos did not properly determine the
acceptability of certain checksums. A remote attacker could use certain
checksums to alter the prompt message, modify a response to a Key
Distribution Center (KDC) or forge a KRB-SAFE message. (CVE-2010-1323)
It was discovered that Kerberos did not properly determine the
acceptability of certain checksums. A remote attacker could use certain
checksums to forge GSS tokens or gain privileges. This issue only affected
Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-1324)
It was discovered that Kerberos did not reject RC4 key-derivation
checksums. An authenticated remote user could use this issue to forge
AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges.
This issue only affected
Red Hat
krb5: krb5 may accept authdata checksums with low-entropy derived keys (MITKRB5-SA-2010-007)
vendor_redhat·2010-11-30·CVSS 6.3
CVE-2010-4020 [MEDIUM] krb5: krb5 may accept authdata checksums with low-entropy derived keys (MITKRB5-SA-2010-007)
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4 and 5.
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2010-4020: krb5 - MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation...
vendor_debian·2010·CVSS 6.3
CVE-2010-4020 [MEDIUM] CVE-2010-4020: krb5 - MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation...
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
Scope: local
bookworm: resolved (fixed in 1.8.3+dfsg-3)
bullseye: resolved (fixed in 1.8.3+dfsg-3)
forky: resolved (fixed in 1.8.3+dfsg-3)
sid: resolved (fixed in 1.8.3+dfsg-3)
trixie: resolved (fixed in 1.8.3+dfsg-3)
GHSA
GHSA-27hw-qqm8-6prm: MIT Kerberos 5 (aka krb5) 1
ghsa_unreviewed·2022-05-13
CVE-2010-4020 [MEDIUM] GHSA-27hw-qqm8-6prm: MIT Kerberos 5 (aka krb5) 1
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
OSV
CVE-2010-4020: MIT Kerberos 5 (aka krb5) 1
osv·2010-12-02·CVSS 6.3
CVE-2010-4020 [MEDIUM] CVE-2010-4020: MIT Kerberos 5 (aka krb5) 1
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
Suricata
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3051 [HIGH] ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UPDATE
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UPDATE"; flow:established,to_server; http.uri; content:"/inc/class_users.php?"; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-3051; reference:url,www.milw0rm.com/exploits/4020; classtype:web-application-attack; sid:2004605; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_t
Suricata
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3051 [HIGH] ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php SELECT
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php SELECT"; flow:established,to_server; http.uri; content:"/inc/class_users.php?"; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-3051; reference:url,www.milw0rm.com/exploits/4020; classtype:web-application-attack; sid:2004600; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_
Suricata
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3051 [HIGH] ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php INSERT
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php INSERT"; flow:established,to_server; http.uri; content:"/inc/class_users.php?"; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-3051; reference:url,www.milw0rm.com/exploits/4020; classtype:web-application-attack; sid:2004602; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_
Suricata
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-3051 [HIGH] ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UNION SELECT
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UNION SELECT"; flow:established,to_server; http.uri; content:"/inc/class_users.php?"; nocase; content:"UNION"; nocase; pcre:"/UNION\s+SELECT/i"; reference:cve,CVE-2007-3051; reference:url,www.milw0rm.com/exploits/4020; classtype:web-application-attack; sid:2004601; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
Suricata
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3051 [HIGH] ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php DELETE
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php DELETE"; flow:established,to_server; http.uri; content:"/inc/class_users.php?"; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-3051; reference:url,www.milw0rm.com/exploits/4020; classtype:web-application-attack; sid:2004603; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_
Suricata
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-3051 [HIGH] ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ASCII
ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ASCII"; flow:established,to_server; http.uri; content:"/inc/class_users.php?"; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-3051; reference:url,www.milw0rm.com/exploits/4020; classtype:web-application-attack; sid:2004604; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre
No public exploits indexed.
- http://kb.vmware.com/kb/1035108
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://lists.vmware.com/pipermail/security-announce/2011/000133.html
- http://osvdb.org/69608
- http://secunia.com/advisories/42399
- http://support.apple.com/kb/HT4581
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.redhat.com/support/errata/RHSA-2010-0925.html
- http://www.securityfocus.com/archive/1/514953/100/0/threaded
- http://www.securityfocus.com/archive/1/517739/100/0/threaded
- http://www.securityfocus.com/bid/45117
- http://www.securitytracker.com/id?1024803
- http://www.ubuntu.com/usn/USN-1030-1
- http://www.vmware.com/security/advisories/VMSA-2011-0007.html
- http://www.vupen.com/english/advisories/2010/3094
- http://www.vupen.com/english/advisories/2010/3095
- http://www.vupen.com/english/advisories/2010/3118
Published: 2010-12-02