CVE-2010-1320

medium

Description

Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490

http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html

http://secunia.com/advisories/39656

http://secunia.com/advisories/39784

http://secunia.com/advisories/40220

http://securitytracker.com/id?1023904

http://support.apple.com/kb/HT4188

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt

http://www.securityfocus.com/archive/1/510843/100/0/threaded

http://www.securityfocus.com/bid/39599

http://www.ubuntu.com/usn/USN-940-1

http://www.vupen.com/english/advisories/2010/1001

http://www.vupen.com/english/advisories/2010/1192

http://www.vupen.com/english/advisories/2010/1481

Details

Source: MITRE

Published: 2010-04-22

Updated: 2020-01-21

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 57655 | GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 47799 | Ubuntu 10.04 LTS : krb5 vulnerability (USN-940-2) | Nessus | Ubuntu Local Security Checks | medium |
| 47455 | Fedora 12 : krb5-1.7.1-7.fc12 (2010-7130) | Nessus | Fedora Local Security Checks | medium |
| 47454 | Fedora 13 : krb5-1.7.1-8.fc13 (2010-7102) | Nessus | Fedora Local Security Checks | medium |
| 800793 | Mac OS X 10.6 < 10.6.4 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5571 | Mac OS X 10.6 < 10.6.4 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 47023 | Mac OS X 10.6.x < 10.6.4 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 46688 | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : krb5 vulnerabilities (USN-940-1) | Nessus | Ubuntu Local Security Checks | critical |
| 45607 | openSUSE Security Update : krb5 (openSUSE-SU-2010:0147-1) | Nessus | SuSE Local Security Checks | medium |
| 45595 | FreeBSD : krb5 -- KDC double free vulnerability (86b8b655-4d1a-11df-83fb-0015587e2cc1) | Nessus | FreeBSD Local Security Checks | medium |