CVE-2010-1324
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.0%
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
References
kb.vmware.com/kb/1035108
lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
lists.vmware.com/pipermail/security-announce/2011/000133.html
marc.info/?l=bugtraq&m=129562442714657&w=2
osvdb.org/69609
secunia.com/advisories/42399
secunia.com/advisories/43015
support.apple.com/kb/HT4581
web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
www.mandriva.com/security/advisories?name=MDVSA-2010:246
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.redhat.com/support/errata/RHSA-2010-0925.html
www.securityfocus.com/archive/1/514953/100/0/threaded
www.securityfocus.com/archive/1/517739/100/0/threaded
www.securityfocus.com/bid/45116
www.securitytracker.com/id?1024803
www.ubuntu.com/usn/USN-1030-1
www.vmware.com/security/advisories/VMSA-2011-0007.html
www.vupen.com/english/advisories/2010/3094
www.vupen.com/english/advisories/2010/3095
www.vupen.com/english/advisories/2010/3118
www.vupen.com/english/advisories/2011/0187
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
Related
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.8 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
80.0%