CVE-2010-4021
published 2010-12-02CVE-2010-4021: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might…
PriorityP415low2.1CVSS 2.0
AVNACHAuSCNIPAN
EPSS
2.09%
79.3th percentile
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.8+dfsg~alpha1-1 (bookworm) | krb5 1.8+dfsg~alpha1-1 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| mit | krb5 | >= 0 < 1.8+dfsg~alpha1-1 | 1.8+dfsg~alpha1-1 |
| vmware | vmware_esxi | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
nvdv2.02.1LOWAV:N/AC:H/Au:S/C:N/I:P/A:N
osv2.1LOW
vendor_ubuntu3.7LOW
vendor_debian2.1LOW
vendor_redhat2.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w2r7-v523-8fwv: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
ghsa_unreviewed·2022-05-13
CVE-2010-4021 [LOW] GHSA-w2r7-v523-8fwv: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
OSV
CVE-2010-4021: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
osv·2010-12-02·CVSS 2.1
CVE-2010-4021 [LOW] CVE-2010-4021: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
VMware
VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
vendor_vmware·2011-04-28·CVSS 7.8
CVE-2010-1323 [HIGH] VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
VMSA-2011-0007: VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
a. ESX/ESXi Socket Exhaustion By sending malicious network traffic to an ESXi or ESX host an attacker could exhaust the available sockets which would prevent further connections to the host. In the event a host becomes inaccessible its virtual machines will continue to run and have network connectivity but a reboot of the ESXi or ESX host may be required in order to be able to connect to the host again. ESXi and ESX hosts may intermittently lose connectivity caused by applications that do not correctly close sockets. If this occurs an error message similar to the following may be written to the vpxa log: socket() returns -1 (Cannot allocate memory) An error message
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2010-12-09·CVSS 3.7
CVE-2010-1323 [LOW] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
It was discovered that Kerberos did not properly determine the
acceptability of certain checksums. A remote attacker could use certain
checksums to alter the prompt message, modify a response to a Key
Distribution Center (KDC) or forge a KRB-SAFE message. (CVE-2010-1323)
It was discovered that Kerberos did not properly determine the
acceptability of certain checksums. A remote attacker could use certain
checksums to forge GSS tokens or gain privileges. This issue only affected
Ubuntu 9.10, 10.04 LTS and 10.10. (CVE-2010-1324)
It was discovered that Kerberos did not reject RC4 key-derivation
checksums. An authenticated remote user could use this issue to forge
AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges.
This issue only affected
Red Hat
krb5: KDC may issue unrequested tickets due to KrbFastReq forgery (MITKRB5-SA-2010-007)
vendor_redhat·2010-11-30·CVSS 2.1
CVE-2010-4021 [LOW] krb5: KDC may issue unrequested tickets due to KrbFastReq forgery (MITKRB5-SA-2010-007)
krb5: KDC may issue unrequested tickets due to KrbFastReq forgery (MITKRB5-SA-2010-007)
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
Statement: Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Debian
CVE-2010-4021: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not prop...
vendor_debian·2010·CVSS 2.1
CVE-2010-4021 [LOW] CVE-2010-4021: krb5 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not prop...
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
Scope: local
bookworm: resolved (fixed in 1.8+dfsg~alpha1-1)
bullseye: resolved (fixed in 1.8+dfsg~alpha1-1)
forky: resolved (fixed in 1.8+dfsg~alpha1-1)
sid: resolved (fixed in 1.8+dfsg~alpha1-1)
trixie: resolved (fixed in 1.8+dfsg~alpha1-1)
No detection rules found.
No public exploits indexed.
http://kb.vmware.com/kb/1035108http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlhttp://lists.vmware.com/pipermail/security-announce/2011/000133.htmlhttp://osvdb.org/69607http://support.apple.com/kb/HT4581http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txthttp://www.mandriva.com/security/advisories?name=MDVSA-2010:246http://www.securityfocus.com/archive/1/514953/100/0/threadedhttp://www.securityfocus.com/archive/1/517739/100/0/threadedhttp://www.securityfocus.com/bid/45122http://www.securitytracker.com/id?1024803http://www.ubuntu.com/usn/USN-1030-1http://www.vmware.com/security/advisories/VMSA-2011-0007.htmlhttp://www.vupen.com/english/advisories/2010/3094http://www.vupen.com/english/advisories/2010/3118http://kb.vmware.com/kb/1035108http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.htmlhttp://lists.vmware.com/pipermail/security-announce/2011/000133.htmlhttp://osvdb.org/69607http://support.apple.com/kb/HT4581http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txthttp://www.mandriva.com/security/advisories?name=MDVSA-2010:246http://www.securityfocus.com/archive/1/514953/100/0/threadedhttp://www.securityfocus.com/archive/1/517739/100/0/threadedhttp://www.securityfocus.com/bid/45122http://www.securitytracker.com/id?1024803http://www.ubuntu.com/usn/USN-1030-1http://www.vmware.com/security/advisories/VMSA-2011-0007.htmlhttp://www.vupen.com/english/advisories/2010/3094http://www.vupen.com/english/advisories/2010/3118
2010-12-02
Published