CVE-2010-1324

2010-12-0200:00:00

ubuntu.com

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

79.9%

JSON

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly
determine the acceptability of checksums, which might allow remote
attackers to forge GSS tokens, gain privileges, or have unspecified other
impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a
KrbFastArmoredReq checksum based on an RC4 key.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553>

Notes

Author	Note
mdeslaur	1.7 and newer

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchkrb5< 1.7dfsg~beta3-1ubuntu0.7UNKNOWN
ubuntu10.04noarchkrb5< 1.8.1+dfsg-2ubuntu0.4UNKNOWN
ubuntu10.10noarchkrb5< 1.8.1+dfsg-5ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.10	noarch	krb5	< 1.7dfsg~beta3-1ubuntu0.7	UNKNOWN
ubuntu	10.04	noarch	krb5	< 1.8.1+dfsg-2ubuntu0.4	UNKNOWN
ubuntu	10.10	noarch	krb5	< 1.8.1+dfsg-5ubuntu0.2	UNKNOWN