PRIOn knowledge basePRION:CVE-2010-1324Code injection
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kerberos_5 | eq | 1.7 | |
| kerberos_5 | eq | 1.7.1 | |
| kerberos_5 | eq | 1.8 | |
| kerberos_5 | eq | 1.8.1 | |
| kerberos_5 | eq | 1.8.2 | |
| kerberos_5 | eq | 1.8.3 |
References
kb.vmware.com/kb/1035108
lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
lists.vmware.com/pipermail/security-announce/2011/000133.html
osvdb.org/69609
secunia.com/advisories/42399
secunia.com/advisories/43015
support.apple.com/kb/HT4581
web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
www.mandriva.com/security/advisories?name=MDVSA-2010:246
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.redhat.com/support/errata/RHSA-2010-0925.html
www.securityfocus.com/archive/1/514953/100/0/threaded
www.securityfocus.com/archive/1/517739/100/0/threaded
www.securityfocus.com/bid/45116
www.securitytracker.com/id?1024803
www.ubuntu.com/usn/USN-1030-1
www.vmware.com/security/advisories/VMSA-2011-0007.html
www.vupen.com/english/advisories/2010/3094
www.vupen.com/english/advisories/2010/3095
www.vupen.com/english/advisories/2010/3118
www.vupen.com/english/advisories/2011/0187
lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
marc.info/?l=bugtraq&m=129562442714657&w=2
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
Related
