Lucene search

K

[email protected]NVD:CVE-2010-1324

HistoryDec 02, 2010 - 4:22 p.m.

CVE-2010-1324

2010-12-0216:22:20

CWE-310

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

Affected configurations

NVD

Node

mitkerberos_5Match1.7

OR

mitkerberos_5Match1.7.1

OR

mitkerberos_5Match1.8

OR

mitkerberos_5Match1.8.1

OR

mitkerberos_5Match1.8.2

OR

mitkerberos_5Match1.8.3

References

kb.vmware.com/kb/1035108

lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html

lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

lists.vmware.com/pipermail/security-announce/2011/000133.html

marc.info/?l=bugtraq&m=129562442714657&w=2

osvdb.org/69609

secunia.com/advisories/42399

secunia.com/advisories/43015

support.apple.com/kb/HT4581

web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt

www.mandriva.com/security/advisories?name=MDVSA-2010:246

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.redhat.com/support/errata/RHSA-2010-0925.html

www.securityfocus.com/archive/1/514953/100/0/threaded

www.securityfocus.com/archive/1/517739/100/0/threaded

www.securityfocus.com/bid/45116

www.securitytracker.com/id?1024803

www.ubuntu.com/usn/USN-1030-1

www.vmware.com/security/advisories/VMSA-2011-0007.html

www.vupen.com/english/advisories/2010/3094

www.vupen.com/english/advisories/2010/3095

www.vupen.com/english/advisories/2010/3118

www.vupen.com/english/advisories/2011/0187

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

Related for NVD:CVE-2010-1324

nessus22 openvas35 prion1 cvelist1 debiancve1 cve1 freebsd2 ubuntucve1 redhat1 fedora9 ubuntu1 securityvulns6 vmware1 oraclelinux1 kaspersky1 ibm1 gentoo1 oracle1