CVE-2010-1321

MEDIUM

Description

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

http://marc.info/?l=bugtraq&m=134254866602253&w=2

http://osvdb.org/64744

http://secunia.com/advisories/39762

http://secunia.com/advisories/39784

http://secunia.com/advisories/39799

http://secunia.com/advisories/39818

http://secunia.com/advisories/39849

http://secunia.com/advisories/40346

http://secunia.com/advisories/40685

http://secunia.com/advisories/41967

http://secunia.com/advisories/42432

http://secunia.com/advisories/42974

http://secunia.com/advisories/43335

http://secunia.com/advisories/44954

http://support.avaya.com/css/P8/documents/100114315

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt

http://www.debian.org/security/2010/dsa-2052

http://www.mandriva.com/security/advisories?name=MDVSA-2010:100

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

http://www.redhat.com/support/errata/RHSA-2010-0423.html

http://www.redhat.com/support/errata/RHSA-2010-0770.html

http://www.redhat.com/support/errata/RHSA-2010-0807.html

http://www.redhat.com/support/errata/RHSA-2010-0873.html

http://www.redhat.com/support/errata/RHSA-2010-0935.html

http://www.redhat.com/support/errata/RHSA-2010-0987.html

http://www.redhat.com/support/errata/RHSA-2011-0152.html

http://www.redhat.com/support/errata/RHSA-2011-0880.html

http://www.securityfocus.com/archive/1/511331/100/0/threaded

http://www.securityfocus.com/archive/1/516397/100/0/threaded

http://www.securityfocus.com/bid/40235

http://www.ubuntu.com/usn/USN-940-1

http://www.ubuntu.com/usn/USN-940-2

http://www.us-cert.gov/cas/techalerts/TA10-287A.html

http://www.us-cert.gov/cas/techalerts/TA11-201A.html

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

http://www.vupen.com/english/advisories/2010/1177

http://www.vupen.com/english/advisories/2010/1192

http://www.vupen.com/english/advisories/2010/1193

http://www.vupen.com/english/advisories/2010/1196

http://www.vupen.com/english/advisories/2010/1222

http://www.vupen.com/english/advisories/2010/1574

http://www.vupen.com/english/advisories/2010/1882

http://www.vupen.com/english/advisories/2010/3112

http://www.vupen.com/english/advisories/2011/0134

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450

Details

Source: MITRE

Published: 2010-05-19

Updated: 2021-02-02

Type: CWE-476

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8

Severity: MEDIUM

Tenable Plugins

View all (55 total)

IDNameProductFamilySeverity
89741VMware ESX Multiple Vulnerabilities (VMSA-2010-0013) (remote check)NessusVMware ESX Local Security Checks
high
89681VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0013) (remote check)NessusMisc.
critical
89674VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)NessusMisc.
critical
79475OracleVM 2.2 : krb5 (OVMSA-2011-0015)NessusOracleVM Local Security Checks
critical
75540openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)NessusSuSE Local Security Checks
critical
68041Oracle Linux 3 / 4 / 5 : krb5 (ELSA-2010-0423)NessusOracle Linux Local Security Checks
medium
64843Oracle Java SE Multiple Vulnerabilities (October 2010 CPU) (Unix)NessusMisc.
critical
63983RHEL 5 : IBM Java Runtime (RHSA-2011:0880)NessusRed Hat Local Security Checks
critical
60869Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60793Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
57655GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
57203SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7440)NessusSuSE Local Security Checks
critical
56665VMSA-2011-0013 : VMware third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESXNessusVMware ESX Local Security Checks
critical
52632SuSE 10 Security Update : IBM Java (ZYPP Patch Number 7348)NessusSuSE Local Security Checks
critical
52631SuSE 11.1 Security Update : IBM Java (SAT Patch Number 4024)NessusSuSE Local Security Checks
critical
52629SuSE9 Security Update : IBMJava JRE and SDK (YOU Patch Number 12682)NessusSuSE Local Security Checks
critical
51971VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESXNessusVMware ESX Local Security Checks
critical
51751SuSE 10 Security Update : Sun Java 1.6.0 (ZYPP Patch Number 7204)NessusSuSE Local Security Checks
critical
51750SuSE 10 Security Update : IBM Java 6 SR9 (ZYPP Patch Number 7312)NessusSuSE Local Security Checks
critical
51667SuSE 11.1 Security Update : IBM Java 6 (SAT Patch Number 3724)NessusSuSE Local Security Checks
critical
51660SuSE9 Security Update : IBM Java (YOU Patch Number 12669)NessusSuSE Local Security Checks
critical
51561RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2011:0152)NessusRed Hat Local Security Checks
critical
51197RHEL 4 / 5 / 6 : java-1.6.0-ibm (RHSA-2010:0987)NessusRed Hat Local Security Checks
critical
50968SuSE 10 Security Update : IBM Java 5 (ZYPP Patch Number 7205)NessusSuSE Local Security Checks
critical
50927SuSE 11 Security Update : krb5 (SAT Patch Number 2437)NessusSuSE Local Security Checks
medium
50919SuSE 11 / 11.1 Security Update : Java 1.6.0 (SAT Patch Numbers 3347 / 3349)NessusSuSE Local Security Checks
critical
50870RHEL 4 / 5 : java-1.4.2-ibm (RHSA-2010:0935)NessusRed Hat Local Security Checks
critical
50854SuSE9 Security Update : IBM Java 5 JRE and SDK (YOU Patch Number 12659)NessusSuSE Local Security Checks
critical
50652Oracle Database Multiple Vulnerabilities (October 2010 CPU)NessusDatabases
high
50641RHEL 6 : java-1.5.0-ibm (RHSA-2010:0873)NessusRed Hat Local Security Checks
critical
50611VMSA-2010-0016 : VMware ESXi and ESX third-party updates for Service Console and Likewise componentsNessusVMware ESX Local Security Checks
critical
50360RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2010:0807)NessusRed Hat Local Security Checks
critical
50299openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)NessusSuSE Local Security Checks
critical
50298openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2010:0754-1)NessusSuSE Local Security Checks
critical
50073Mac OS X : Java for Mac OS X 10.6 Update 3NessusMacOS X Local Security Checks
high
50072Mac OS X : Java for Mac OS X 10.5 Update 8NessusMacOS X Local Security Checks
high
49996Oracle Java SE Multiple Vulnerabilities (October 2010 CPU)NessusWindows
critical
49990RHEL 4 / 5 : java-1.6.0-sun (RHSA-2010:0770)NessusRed Hat Local Security Checks
critical
49876SuSE 10 Security Update : Kerberos 5 (ZYPP Patch Number 7046)NessusSuSE Local Security Checks
medium
49085VMSA-2010-0013 : VMware ESX third-party updates for Service ConsoleNessusVMware ESX Local Security Checks
high
47799Ubuntu 10.04 LTS : krb5 vulnerability (USN-940-2)NessusUbuntu Local Security Checks
medium
47513Fedora 12 : krb5-1.7.1-9.fc12 (2010-8805)NessusFedora Local Security Checks
medium
47512Fedora 11 : krb5-1.6.3-31.fc11 (2010-8796)NessusFedora Local Security Checks
medium
47510Fedora 13 : krb5-1.7.1-10.fc13 (2010-8749)NessusFedora Local Security Checks
medium
47149HP-UX PHSS_41168 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1)NessusHP-UX Local Security Checks
high
47148HP-UX PHSS_41167 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1)NessusHP-UX Local Security Checks
high
47147HP-UX PHSS_41166 : HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code (HPSBUX02544 SSRT100107 rev.1)NessusHP-UX Local Security Checks
high
46730openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)NessusSuSE Local Security Checks
medium
46728openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)NessusSuSE Local Security Checks
medium
46727openSUSE Security Update : krb5 (openSUSE-SU-2010:0292-1)NessusSuSE Local Security Checks
medium
46724Debian DSA-2052-1 : krb5 - NULL pointer dereferenceNessusDebian Local Security Checks
medium
46694CentOS 3 / 4 / 5 : krb5 (CESA-2010:0423)NessusCentOS Local Security Checks
medium
46688Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 : krb5 vulnerabilities (USN-940-1)NessusUbuntu Local Security Checks
critical
46678Mandriva Linux Security Advisory : krb5 (MDVSA-2010:100)NessusMandriva Local Security Checks
medium
46665RHEL 3 / 4 / 5 : krb5 (RHSA-2010:0423)NessusRed Hat Local Security Checks
medium