CVE-2010-1323

2010-12-0200:00:00

ubuntu.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.2%

JSON

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x
through 1.8.3 does not properly determine the acceptability of checksums,
which might allow remote attackers to modify user-visible prompt text,
modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE
message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkrb5< 1.4.3-5ubuntu0.12UNKNOWN
ubuntu8.04noarchkrb5< 1.6.dfsg.3~beta1-2ubuntu1.6UNKNOWN
ubuntu9.10noarchkrb5< 1.7dfsg~beta3-1ubuntu0.7UNKNOWN
ubuntu10.04noarchkrb5< 1.8.1+dfsg-2ubuntu0.4UNKNOWN
ubuntu10.10noarchkrb5< 1.8.1+dfsg-5ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	krb5	< 1.4.3-5ubuntu0.12	UNKNOWN
ubuntu	8.04	noarch	krb5	< 1.6.dfsg.3~beta1-2ubuntu1.6	UNKNOWN
ubuntu	9.10	noarch	krb5	< 1.7dfsg~beta3-1ubuntu0.7	UNKNOWN
ubuntu	10.04	noarch	krb5	< 1.8.1+dfsg-2ubuntu0.4	UNKNOWN
ubuntu	10.10	noarch	krb5	< 1.8.1+dfsg-5ubuntu0.2	UNKNOWN