Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2010-1321HistoryMay 19, 2010 - 6:30 p.m.
CVE-2010-1321
2010-05-1918:30:03
Debian Security Bug Tracker
security-tracker.debian.org
20
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.01 Low
EPSS
Percentile
83.7%
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticatorโs checksum field is missing.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | heimdal | <ย 1.4.0~git20100605.dfsg.1-1 | heimdal_1.4.0~git20100605.dfsg.1-1_all.deb |
| Debian | 11 | all | heimdal | <ย 1.4.0~git20100605.dfsg.1-1 | heimdal_1.4.0~git20100605.dfsg.1-1_all.deb |
| Debian | 999 | all | heimdal | <ย 1.4.0~git20100605.dfsg.1-1 | heimdal_1.4.0~git20100605.dfsg.1-1_all.deb |
| Debian | 13 | all | heimdal | <ย 1.4.0~git20100605.dfsg.1-1 | heimdal_1.4.0~git20100605.dfsg.1-1_all.deb |
| Debian | 12 | all | krb5 | <ย 1.8.1+dfsg-3 | krb5_1.8.1+dfsg-3_all.deb |
| Debian | 11 | all | krb5 | <ย 1.8.1+dfsg-3 | krb5_1.8.1+dfsg-3_all.deb |
| Debian | 999 | all | krb5 | <ย 1.8.1+dfsg-3 | krb5_1.8.1+dfsg-3_all.deb |
| Debian | 13 | all | krb5 | <ย 1.8.1+dfsg-3 | krb5_1.8.1+dfsg-3_all.deb |
Related
redhat
redhat
(RHSA-2010:0423) Important: krb5 security update
2010-05-18 00:00:00
(RHSA-2010:0935) Moderate: java-1.4.2-ibm security update
2010-12-01 00:00:00
(RHSA-2011:0152) Moderate: java-1.4.2-ibm security update
2011-01-17 00:00:00
nessus
nessus
Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
CentOS 3 / 4 / 5 : krb5 (CESA-2010:0423)
2010-05-24 00:00:00
Fedora 12 : krb5-1.7.1-9.fc12 (2010-8805)
2010-07-01 00:00:00
openvas
openvas
Debian Security Advisory DSA 2052-1 (krb5)
2010-06-03 00:00:00
Mandriva Update for heimdal MDVSA-2010:130 (heimdal)
2010-07-12 00:00:00
RedHat Update for krb5 RHSA-2010:0423-01
2010-05-28 00:00:00
cvelist
cvelist
CVE-2010-1321
2010-05-19 18:13:00
securityvulns
securityvulns
MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref
2010-05-21 00:00:00
MIT Kerberos 5 GSS-API library DoS
2010-05-21 00:00:00
Heimdal Kerberos server DoS
2010-07-11 00:00:00
seebug
seebug
MIT Kerberos GSS-APIๆ ก้ชๅ็ฉบๆ้ๅผ็จๆ็ปๆๅกๆผๆด
2010-05-20 00:00:00
VMware ESX Service Consoleๅคไธชๅฎๅ
จๆผๆด
2012-01-13 00:00:00
cve
cve
CVE-2010-1321
2010-05-19 18:30:03
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:47:56
centos
centos
krb5 security update
2010-05-21 22:00:31
fedora
fedora
[SECURITY] Fedora 13 Update: krb5-1.7.1-10.fc13
2010-05-19 19:11:47
[SECURITY] Fedora 11 Update: krb5-1.6.3-31.fc11
2010-05-19 19:18:06
[SECURITY] Fedora 13 Update: krb5-1.7.1-16.fc13
2010-12-09 21:57:48
osv
osv
krb5 - denial of service
2010-05-24 00:00:00
nvd
nvd
CVE-2010-1321
2010-05-19 18:30:03
debian
debian
[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
2010-05-24 19:49:50
[SECURITY] [DSA 2052-1] New krb5 packages fix denial of service
2010-05-24 19:48:30
prion
prion
Null pointer dereference
2010-05-19 18:30:00
ubuntucve
ubuntucve
CVE-2010-1321
2010-05-18 00:00:00
oraclelinux
oraclelinux
krb5 security update
2010-05-18 00:00:00
ubuntu
ubuntu
Kerberos vulnerability
2010-07-21 00:00:00
Kerberos vulnerabilities
2010-05-19 00:00:00
suse
suse
Security update for krb5 (important)
2012-01-05 12:08:23
Security update for krb5 (important)
2012-01-05 12:35:50
remote code execution in java-1_6_0-ibm,java-1_5_0-ibm,java-1_4_2-ibm
2011-03-22 13:32:34
vmware
vmware
VMware ESX third party updates for Service Console
2010-08-31 00:00:00
VMware ESX third party updates for Service Console
2010-08-31 00:00:00
gentoo
gentoo
MIT Kerberos 5: Multiple vulnerabilities
2012-01-23 00:00:00
cisco
cisco
MIT Kerberos GSS-API Library Remote Denial of Service Vulnerability
2010-05-19 15:40:37
oracle
oracle
Oracle Critical Patch Update - January 2011
2011-01-18 00:00:00
Oracle Critical Patch Update - October 2010
2010-10-12 00:00:00
Oracle Critical Patch Update - July 2011
2011-12-15 00:00:00
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
0.01 Low
EPSS
Percentile
83.7%
Related for DEBIANCVE:CVE-2010-1321