Lucene search
RootSSV:19661HistoryMay 20, 2010 - 12:00 a.m.
MIT Kerberos GSS-API校验和空指针引用拒绝服务漏洞
2010-05-2000:00:00
Root
www.seebug.org
19
0.005 Low
EPSS
Percentile
73.6%
BUGTRAQ ID: 40235
CVE ID: CVE-2010-1321
Kerberos是一款广泛使用的使用强壮的加密来验证客户端和服务器端的网络协议。MIT Kerberos 5是一种常用的开源Kerberos实现。
MIT Kerberos的GSS-API库中存在空指针引用错误,通过认证的远程攻击者可以通过发送缺少校验和字段的特制GSS-API令牌来利用这个漏洞,导致使用GSS-API认证机制的服务器应用崩溃。
MIT Kerberos 5 1.8
MIT Kerberos 5 1.7
MIT Kerberos 5 1.6
厂商补丁:
MIT
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://web.mit.edu/kerberos/advisories/2010-005-patch.txt
http://web.mit.edu/kerberos/advisories/2010-005-patch.txt.asc
http://web.mit.edu/kerberos/advisories/2010-005-patch_r16.txt
http://web.mit.edu/kerberos/advisories/2010-005-patch_r16.txt.asc
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2010:0423-01)以及相应补丁:
RHSA-2010:0423-01:Important: krb5 security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0423.html
Related
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:56
openvas
openvas
Mandriva Update for krb5 MDVSA-2010:100 (krb5)
2010-05-28 00:00:00
Mandriva Update for krb5 MDVSA-2010:100 (krb5)
2010-05-28 00:00:00
CentOS Update for krb5-devel CESA-2010:0423 centos3 i386
2010-05-28 00:00:00
nessus
nessus
Fedora 12 : krb5-1.7.1-9.fc12 (2010-8805)
2010-07-01 00:00:00
Debian DSA-2052-1 : krb5 - NULL pointer dereference
2010-05-26 00:00:00
Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
cve
cve
CVE-2010-1321
2010-05-19 18:30:00
securityvulns
securityvulns
MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref
2010-05-21 00:00:00
MIT Kerberos 5 GSS-API library DoS
2010-05-21 00:00:00
[ MDVSA-2010:130 ] heimdal
2010-07-11 00:00:00
redhat
redhat
(RHSA-2010:0423) Important: krb5 security update
2010-05-18 00:00:00
(RHSA-2011:0152) Moderate: java-1.4.2-ibm security update
2011-01-17 00:00:00
(RHSA-2010:0935) Moderate: java-1.4.2-ibm security update
2010-12-01 00:00:00
debiancve
debiancve
CVE-2010-1321
2010-05-19 18:30:00
debian
debian
[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
2010-05-24 19:49:50
[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
2010-05-24 19:48:30
osv
osv
krb5 - denial of service
2010-05-24 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: krb5-1.7.1-10.fc13
2010-05-19 19:11:47
[SECURITY] Fedora 11 Update: krb5-1.6.3-31.fc11
2010-05-19 19:18:06
[SECURITY] Fedora 13 Update: krb5-1.7.1-16.fc13
2010-12-09 21:57:48
centos
centos
krb5 security update
2010-05-21 22:00:31
prion
prion
Null pointer dereference
2010-05-19 18:30:00
ubuntucve
ubuntucve
CVE-2010-1321
2010-05-18 00:00:00
oraclelinux
oraclelinux
krb5 security update
2010-05-18 00:00:00
ubuntu
ubuntu
Kerberos vulnerability
2010-07-21 00:00:00
Kerberos vulnerabilities
2010-05-19 00:00:00
suse
suse
Security update for krb5 (important)
2012-01-05 12:08:23
Security update for krb5 (important)
2012-01-05 12:35:50
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
vmware
vmware
VMware ESX third party updates for Service Console
2010-08-31 00:00:00
VMware ESX third party updates for Service Console
2010-08-31 00:00:00
seebug
seebug
VMware ESX Service Console多个安全漏洞
2012-01-13 00:00:00
gentoo
gentoo
MIT Kerberos 5: Multiple vulnerabilities
2012-01-23 00:00:00
cisco
cisco
MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
2010-05-19 15:40:37
oracle
oracle
Oracle Critical Patch Update - October 2010
2010-10-12 00:00:00
Oracle Critical Patch Update - July 2011
2011-12-15 00:00:00
Oracle Critical Patch Update - January 2011
2011-01-18 00:00:00