CVE - CVE-2010-1324

CVE-ID
CVE-2010-1324	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2011-03-21-1 URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html BID:45116 URL:http://www.securityfocus.com/bid/45116 BUGTRAQ:20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] URL:http://www.securityfocus.com/archive/1/514953/100/0/threaded BUGTRAQ:20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console URL:http://www.securityfocus.com/archive/1/517739/100/0/threaded CONFIRM:http://kb.vmware.com/kb/1035108 CONFIRM:http://support.apple.com/kb/HT4581 CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html CONFIRM:http://www.vmware.com/security/advisories/VMSA-2011-0007.html FEDORA:FEDORA-2010-18409 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html FEDORA:FEDORA-2010-18425 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html HP:HPSBUX02623 URL:http://marc.info/?l=bugtraq&m=129562442714657&w=2 HP:SSRT100355 URL:http://marc.info/?l=bugtraq&m=129562442714657&w=2 MANDRIVA:MDVSA-2010:246 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:246~~ (Obsolete source) MLIST:[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console URL:http://lists.vmware.com/pipermail/security-announce/2011/000133.html OSVDB:69609 URL:~~http://osvdb.org/69609~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:11936 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936 REDHAT:RHSA-2010:0925 URL:http://www.redhat.com/support/errata/RHSA-2010-0925.html SECTRACK:1024803 URL:http://www.securitytracker.com/id?1024803 SECUNIA:42399 URL:http://secunia.com/advisories/42399 SECUNIA:43015 URL:http://secunia.com/advisories/43015 SUSE:SUSE-SR:2010:023 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html SUSE:SUSE-SR:2010:024 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html UBUNTU:USN-1030-1 URL:http://www.ubuntu.com/usn/USN-1030-1 VUPEN:ADV-2010-3094 URL:~~http://www.vupen.com/english/advisories/2010/3094~~ (Obsolete source) VUPEN:ADV-2010-3095 URL:~~http://www.vupen.com/english/advisories/2010/3095~~ (Obsolete source) VUPEN:ADV-2010-3118 URL:~~http://www.vupen.com/english/advisories/2010/3118~~ (Obsolete source) VUPEN:ADV-2011-0187 URL:~~http://www.vupen.com/english/advisories/2011/0187~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20100408	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100408)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)