Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2010-4021HistoryDec 02, 2010 - 4:22 p.m.
CVE-2010-4021
2010-12-0216:22:00
Debian Security Bug Tracker
security-tracker.debian.org
7
0.004 Low
EPSS
Percentile
73.4%
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a “KrbFastReq forgery issue.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | krb5 | < 1.8+dfsg~alpha1-1 | krb5_1.8+dfsg~alpha1-1_all.deb |
| Debian | 11 | all | krb5 | < 1.8+dfsg~alpha1-1 | krb5_1.8+dfsg~alpha1-1_all.deb |
| Debian | 10 | all | krb5 | < 1.8+dfsg~alpha1-1 | krb5_1.8+dfsg~alpha1-1_all.deb |
| Debian | 999 | all | krb5 | < 1.8+dfsg~alpha1-1 | krb5_1.8+dfsg~alpha1-1_all.deb |
| Debian | 13 | all | krb5 | < 1.8+dfsg~alpha1-1 | krb5_1.8+dfsg~alpha1-1_all.deb |
Related
cvelist
cvelist
CVE-2010-4021
2010-12-02 16:00:00
openvas
openvas
FreeBSD Ports: krb5
2011-01-24 00:00:00
FreeBSD Ports: krb5
2011-01-24 00:00:00
Mandriva Update for krb5 MDVSA-2010:246 (krb5)
2010-12-09 00:00:00
prion
prion
Design/Logic Flaw
2010-12-02 16:22:00
cve
cve
CVE-2010-4021
2010-12-02 16:22:00
nessus
nessus
FreeBSD : krb5 -- client impersonation vulnerability (4ccbd40d-03f7-11e0-bf50-001a926c7637)
2010-12-10 00:00:00
openSUSE Security Update : krb5 (openSUSE-SU-2010:1053-1)
2011-05-05 00:00:00
CentOS 4 / 5 : krb5 (CESA-2010:0926)
2010-12-02 00:00:00
freebsd
freebsd
krb5 -- client impersonation vulnerability
2010-11-30 00:00:00
ubuntucve
ubuntucve
CVE-2010-4021
2010-12-02 00:00:00
securityvulns
securityvulns
ubuntu
ubuntu
Kerberos vulnerabilities
2010-12-09 00:00:00
vmware
vmware
ibm
ibm
gentoo
gentoo
MIT Kerberos 5: Multiple vulnerabilities
2012-01-23 00:00:00