CVE - CVE-2010-1321

CVE-ID
CVE-2010-1321	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref URL:http://www.securityfocus.com/archive/1/511331/100/0/threaded BUGTRAQ:20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX URL:http://www.securityfocus.com/archive/1/516397/100/0/threaded CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt CONFIRM:http://support.avaya.com/css/P8/documents/100114315 CONFIRM:http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0003.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html DEBIAN:DSA-2052 URL:http://www.debian.org/security/2010/dsa-2052 FEDORA:FEDORA-2010-8749 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html FEDORA:FEDORA-2010-8796 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html FEDORA:FEDORA-2010-8805 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html HP:HPSBUX02544 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 HP:SSRT100107 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 HP:HPSBMU02799 URL:http://marc.info/?l=bugtraq&m=134254866602253&w=2 MANDRIVA:MDVSA-2010:100 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:100 REDHAT:RHSA-2010:0423 URL:http://www.redhat.com/support/errata/RHSA-2010-0423.html REDHAT:RHSA-2010:0770 URL:http://www.redhat.com/support/errata/RHSA-2010-0770.html REDHAT:RHSA-2010:0807 URL:http://www.redhat.com/support/errata/RHSA-2010-0807.html REDHAT:RHSA-2010:0873 URL:http://www.redhat.com/support/errata/RHSA-2010-0873.html REDHAT:RHSA-2010:0935 URL:http://www.redhat.com/support/errata/RHSA-2010-0935.html REDHAT:RHSA-2010:0987 URL:http://www.redhat.com/support/errata/RHSA-2010-0987.html REDHAT:RHSA-2011:0152 URL:http://www.redhat.com/support/errata/RHSA-2011-0152.html REDHAT:RHSA-2011:0880 URL:http://www.redhat.com/support/errata/RHSA-2011-0880.html SUSE:SUSE-SR:2010:013 URL:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SUSE:SUSE-SR:2010:014 URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html SUSE:SUSE-SR:2010:019 URL:http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SUSE:SUSE-SU-2012:0010 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html SUSE:SUSE-SU-2012:0042 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html UBUNTU:USN-940-1 URL:http://www.ubuntu.com/usn/USN-940-1 UBUNTU:USN-940-2 URL:http://www.ubuntu.com/usn/USN-940-2 CERT:TA10-287A URL:http://www.us-cert.gov/cas/techalerts/TA10-287A.html CERT:TA11-201A URL:http://www.us-cert.gov/cas/techalerts/TA11-201A.html BID:40235 URL:http://www.securityfocus.com/bid/40235 OSVDB:64744 URL:http://osvdb.org/64744 OVAL:oval:org.mitre.oval:def:11604 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604 OVAL:oval:org.mitre.oval:def:7198 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198 OVAL:oval:org.mitre.oval:def:7450 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450 SECUNIA:39762 URL:http://secunia.com/advisories/39762 SECUNIA:39818 URL:http://secunia.com/advisories/39818 SECUNIA:39784 URL:http://secunia.com/advisories/39784 SECUNIA:39799 URL:http://secunia.com/advisories/39799 SECUNIA:39849 URL:http://secunia.com/advisories/39849 SECUNIA:40346 URL:http://secunia.com/advisories/40346 SECUNIA:40685 URL:http://secunia.com/advisories/40685 SECUNIA:41967 URL:http://secunia.com/advisories/41967 SECUNIA:42432 URL:http://secunia.com/advisories/42432 SECUNIA:42974 URL:http://secunia.com/advisories/42974 SECUNIA:43335 URL:http://secunia.com/advisories/43335 SECUNIA:44954 URL:http://secunia.com/advisories/44954 VUPEN:ADV-2010-1177 URL:http://www.vupen.com/english/advisories/2010/1177 VUPEN:ADV-2010-1193 URL:http://www.vupen.com/english/advisories/2010/1193 VUPEN:ADV-2010-1196 URL:http://www.vupen.com/english/advisories/2010/1196 VUPEN:ADV-2010-1192 URL:http://www.vupen.com/english/advisories/2010/1192 VUPEN:ADV-2010-1222 URL:http://www.vupen.com/english/advisories/2010/1222 VUPEN:ADV-2010-1574 URL:http://www.vupen.com/english/advisories/2010/1574 VUPEN:ADV-2010-1882 URL:http://www.vupen.com/english/advisories/2010/1882 VUPEN:ADV-2010-3112 URL:http://www.vupen.com/english/advisories/2010/3112 VUPEN:ADV-2011-0134 URL:http://www.vupen.com/english/advisories/2011/0134
Assigning CNA
N/A
Date Entry Created
20100408	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100408)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org