CVE - CVE-2010-1323

CVE-ID
CVE-2010-1323	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] URL:http://www.securityfocus.com/archive/1/514953/100/0/threaded BUGTRAQ:20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console URL:http://www.securityfocus.com/archive/1/517739/100/0/threaded BUGTRAQ:20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console URL:http://www.securityfocus.com/archive/1/520102/100/0/threaded MLIST:[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console URL:http://lists.vmware.com/pipermail/security-announce/2011/000133.html CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt CONFIRM:http://support.apple.com/kb/HT4581 CONFIRM:http://kb.vmware.com/kb/1035108 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0007.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0012.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html APPLE:APPLE-SA-2011-03-21-1 URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html DEBIAN:DSA-2129 URL:http://www.debian.org/security/2010/dsa-2129 FEDORA:FEDORA-2010-18409 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html FEDORA:FEDORA-2010-18425 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html HP:HPSBUX02623 URL:http://marc.info/?l=bugtraq&m=129562442714657&w=2 HP:SSRT100355 URL:http://marc.info/?l=bugtraq&m=129562442714657&w=2 HP:HPSBOV02682 URL:http://marc.info/?l=bugtraq&m=130497213107107&w=2 HP:SSRT100495 URL:http://marc.info/?l=bugtraq&m=130497213107107&w=2 MANDRIVA:MDVSA-2010:245 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:245 MANDRIVA:MDVSA-2010:246 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:246 REDHAT:RHSA-2010:0925 URL:http://www.redhat.com/support/errata/RHSA-2010-0925.html REDHAT:RHSA-2010:0926 URL:http://www.redhat.com/support/errata/RHSA-2010-0926.html SUSE:SUSE-SR:2010:023 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html SUSE:SUSE-SR:2010:024 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html SUSE:SUSE-SU-2012:0010 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html SUSE:SUSE-SU-2012:0042 URL:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html UBUNTU:USN-1030-1 URL:http://www.ubuntu.com/usn/USN-1030-1 BID:45118 URL:http://www.securityfocus.com/bid/45118 OSVDB:69610 URL:http://osvdb.org/69610 OVAL:oval:org.mitre.oval:def:12121 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121 SECTRACK:1024803 URL:http://www.securitytracker.com/id?1024803 SECUNIA:42399 URL:http://secunia.com/advisories/42399 SECUNIA:42420 URL:http://secunia.com/advisories/42420 SECUNIA:42436 URL:http://secunia.com/advisories/42436 SECUNIA:43015 URL:http://secunia.com/advisories/43015 SECUNIA:46397 URL:http://secunia.com/advisories/46397 VUPEN:ADV-2010-3094 URL:http://www.vupen.com/english/advisories/2010/3094 VUPEN:ADV-2010-3095 URL:http://www.vupen.com/english/advisories/2010/3095 VUPEN:ADV-2010-3101 URL:http://www.vupen.com/english/advisories/2010/3101 VUPEN:ADV-2010-3118 URL:http://www.vupen.com/english/advisories/2010/3118 VUPEN:ADV-2011-0187 URL:http://www.vupen.com/english/advisories/2011/0187
Assigning CNA
N/A
Date Entry Created
20100408	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100408)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org