Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-4020

MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://web.mit.edu/ker...
MANDRIVA: MDVSA-2010:246
REDHAT: RHSA-2010:0925
BID: 45117
OSVDB: 69608
SECUNIA: 42399
SECTRACK: 1024803
VUPEN: ADV-2010-3094
VUPEN: ADV-2010-3095
VUPEN: ADV-2010-3118
FEDORA: FEDORA-2010-18409
FEDORA: FEDORA-2010-18425
UBUNTU: USN-1030-1
SUSE: SUSE-SR:2010:023
SUSE: SUSE-SR:2010:024
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2011-03-21-1
MLIST: [security-announce] 20...
CONFIRM: http://kb.vmware.com/k...
CONFIRM: http://www.vmware.com/...
CONFIRM: http://www.oracle.com/...
BUGTRAQ: 20101130 MITKRB5-SA-20...
BUGTRAQ: 20110428 VMSA-2011-000...

Launchpad.net

CVE 2010-4020

Related bugs

References