CVE-2010-1324

2010-12-0200:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly
determine the acceptability of checksums, which might allow remote
attackers to forge GSS tokens, gain privileges, or have unspecified other
impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a
KrbFastArmoredReq checksum based on an RC4 key.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553>

Notes

Author	Note
mdeslaur	1.7 and newer

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchkrb5< 1.7dfsg~beta3-1ubuntu0.7UNKNOWN
ubuntu10.04noarchkrb5< 1.8.1+dfsg-2ubuntu0.4UNKNOWN
ubuntu10.10noarchkrb5< 1.8.1+dfsg-5ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.10	noarch	krb5	< 1.7dfsg~beta3-1ubuntu0.7	UNKNOWN
ubuntu	10.04	noarch	krb5	< 1.8.1+dfsg-2ubuntu0.4	UNKNOWN
ubuntu	10.10	noarch	krb5	< 1.8.1+dfsg-5ubuntu0.2	UNKNOWN