Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1324

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://web.mit.edu/ker...
MANDRIVA: MDVSA-2010:246
REDHAT: RHSA-2010:0925
BID: 45116
OSVDB: 69609
SECUNIA: 42399
SECTRACK: 1024803
VUPEN: ADV-2010-3094
VUPEN: ADV-2010-3095
VUPEN: ADV-2010-3118
FEDORA: FEDORA-2010-18409
FEDORA: FEDORA-2010-18425
UBUNTU: USN-1030-1
SUSE: SUSE-SR:2010:023
SUSE: SUSE-SR:2010:024
SECUNIA: 43015
VUPEN: ADV-2011-0187
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2011-03-21-1
MLIST: [security-announce] 20...
CONFIRM: http://kb.vmware.com/k...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.oracle.com/...
HP: HPSBUX02623
HP: SSRT100355
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20101130 MITKRB5-SA-20...
BUGTRAQ: 20110428 VMSA-2011-000...

Launchpad.net

CVE 2010-1324

Related bugs

References