CVE-2010-1324low
Description
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
References
http://kb.vmware.com/kb/1035108
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://marc.info/?l=bugtraq&m=129562442714657&w=2
http://secunia.com/advisories/42399
http://secunia.com/advisories/43015
http://support.apple.com/kb/HT4581
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.redhat.com/support/errata/RHSA-2010-0925.html
http://www.securityfocus.com/archive/1/514953/100/0/threaded
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.securityfocus.com/bid/45116
http://www.securitytracker.com/id?1024803
http://www.ubuntu.com/usn/USN-1030-1
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3095
http://www.vupen.com/english/advisories/2010/3118
http://www.vupen.com/english/advisories/2011/0187
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
Details
Source: MITRE
Published: 2010-12-02
Updated: 2020-01-21
Type: CWE-310
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 3.7
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Impact Score: 1.4
Exploitability Score: 2.2
Severity: LOW