CVE-2010-1324

low

Description

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

References

http://kb.vmware.com/kb/1035108

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://lists.vmware.com/pipermail/security-announce/2011/000133.html

http://marc.info/?l=bugtraq&m=129562442714657&w=2

http://osvdb.org/69609

http://secunia.com/advisories/42399

http://secunia.com/advisories/43015

http://support.apple.com/kb/HT4581

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt

http://www.mandriva.com/security/advisories?name=MDVSA-2010:246

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.redhat.com/support/errata/RHSA-2010-0925.html

http://www.securityfocus.com/archive/1/514953/100/0/threaded

http://www.securityfocus.com/archive/1/517739/100/0/threaded

http://www.securityfocus.com/bid/45116

http://www.securitytracker.com/id?1024803

http://www.ubuntu.com/usn/USN-1030-1

http://www.vmware.com/security/advisories/VMSA-2011-0007.html

http://www.vupen.com/english/advisories/2010/3094

http://www.vupen.com/english/advisories/2010/3095

http://www.vupen.com/english/advisories/2010/3118

http://www.vupen.com/english/advisories/2011/0187

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936

Details

Source: MITRE

Published: 2010-12-02

Updated: 2020-01-21

Type: CWE-310

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Impact Score: 1.4

Exploitability Score: 2.2

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 89676 | VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2011-0007) (remote check) | Nessus | Misc. | high |
| 84795 | Oracle Secure Global Desktop Multiple Vulnerabilities (July 2015 CPU) | Nessus | Misc. | high |
| 80653 | Oracle Solaris Third-Party Patch Update : kerberos (cve_2010_1322_improper_input) | Nessus | Solaris Local Security Checks | medium |
| 75559 | openSUSE Security Update : krb5 (openSUSE-SU-2010:1053-1) | Nessus | SuSE Local Security Checks | medium |
| 68152 | Oracle Linux 4 / 5 : krb5 (ELSA-2010-0926) | Nessus | Oracle Linux Local Security Checks | medium |
| 57655 | GLSA-201201-13 : MIT Kerberos 5: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 53742 | openSUSE Security Update : krb5 (openSUSE-SU-2010:1053-1) | Nessus | SuSE Local Security Checks | medium |
| 53672 | openSUSE Security Update : krb5 (openSUSE-SU-2010:1053-1) | Nessus | SuSE Local Security Checks | medium |
| 53592 | VMSA-2011-0007 : VMware ESXi and ESX Denial of Service and third-party updates for Likewise components and ESX Service Console | Nessus | VMware ESX Local Security Checks | medium |
| 52754 | Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | high |
| 800796 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Log Correlation Engine | Operating System Detection | high |
| 5826 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical |
| 51659 | HP-UX PHSS_41775 : HP-UX Running Kerberos, Remote Unauthorized Modification (HPSBUX02623 SSRT100355 rev.1) | Nessus | HP-UX Local Security Checks | low |
| 51159 | SuSE 10 Security Update : krb5 (ZYPP Patch Number 7243) | Nessus | SuSE Local Security Checks | medium |
| 51116 | Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : krb5 vulnerabilities (USN-1030-1) | Nessus | Ubuntu Local Security Checks | medium |
| 51104 | FreeBSD : krb5 -- unkeyed PAC checksum handling vulnerability (9f971cea-03f5-11e0-bf50-001a926c7637) | Nessus | FreeBSD Local Security Checks | low |
| 51100 | FreeBSD : krb5 -- multiple checksum handling vulnerabilities (0d57c1d9-03f4-11e0-bf50-001a926c7637) | Nessus | FreeBSD Local Security Checks | low |
| 51099 | Fedora 13 : krb5-1.7.1-16.fc13 (2010-18425) | Nessus | Fedora Local Security Checks | medium |
| 51083 | Fedora 14 : krb5-1.8.2-7.fc14 (2010-18409) | Nessus | Fedora Local Security Checks | medium |
| 50974 | SuSE 11 / 11.1 Security Update : krb5 (SAT Patch Numbers 3547 / 3549) | Nessus | SuSE Local Security Checks | medium |
| 50863 | CentOS 4 / 5 : krb5 (CESA-2010:0926) | Nessus | CentOS Local Security Checks | medium |
| 50853 | RHEL 4 / 5 : krb5 (RHSA-2010:0926) | Nessus | Red Hat Local Security Checks | medium |
| 50852 | RHEL 6 : krb5 (RHSA-2010:0925) | Nessus | Red Hat Local Security Checks | medium |
| 50849 | Mandriva Linux Security Advisory : krb5 (MDVSA-2010:246) | Nessus | Mandriva Local Security Checks | medium |