Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-1321
HistoryMay 18, 2010 - 12:00 a.m.

CVE-2010-1321

2010-05-1800:00:00
ubuntu.com
ubuntu.com
8

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.005 Low

EPSS

Percentile

75.7%

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API
library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as
used in kadmind and other applications, does not properly check for invalid
GSS-API tokens, which allows remote authenticated users to cause a denial
of service (NULL pointer dereference and daemon crash) via an AP-REQ
message in which the authenticatorโ€™s checksum field is missing.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkrb5<ย 1.4.3-5ubuntu0.11UNKNOWN
ubuntu8.04noarchkrb5<ย 1.6.dfsg.3~beta1-2ubuntu1.5UNKNOWN
ubuntu9.04noarchkrb5<ย 1.6.dfsg.4~beta1-5ubuntu2.4UNKNOWN
ubuntu9.10noarchkrb5<ย 1.7dfsg~beta3-1ubuntu0.6UNKNOWN
ubuntu10.04noarchkrb5<ย 1.8.1+dfsg-2ubuntu0.2UNKNOWN
ubuntu8.04noarchsun-jav6<ย 6.22-0ubuntu1~8.04.1UNKNOWN
ubuntu9.04noarchsun-jav6<ย 6.22-0ubuntu1~9.04.1UNKNOWN
ubuntu9.10noarchsun-jav6<ย 6.22-0ubuntu1~9.10.1UNKNOWN
ubuntu10.04noarchsun-jav6<ย 6.22-0ubuntu1~10.04UNKNOWN
ubuntu10.10noarchsun-jav6<ย 6.22-0ubuntu1~10.10UNKNOWN

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

0.005 Low

EPSS

Percentile

75.7%