CVE-2010-1324
moderate-risk
Published 2010-12-02
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
Do I need to act?
3.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 3.7/10 · Low
NETWORK / HIGH complexity
Affected Products (6)
Affected Vendors
References (54)
Vendor Advisory
http://secunia.com/advisories/42399
Vendor Advisory
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
and 34 more references
33 / 100
moderate-risk
Severity
13/34 · Low
Exploitability
7/34 · Low
Exposure
13/34 · Low