CVE-2010-1321 - Vulnerability Details

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Fedoraproject	Fedora
Mit	Kerberos 5
Opensuse	Opensuse
Oracle	Database Server
Redhat	Enterprise Linux Network Satellite Rhel Extras
Suse	Linux Enterprise Server

Configuration 1 [-]

OR	cpe:2.3:a:mit:kerberos_5::::::::
	cpe:2.3:a:mit:kerberos_5::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::*

Configuration 4 [-]

cpe:2.3:a:oracle:database_server:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.0:::::::*
	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::

Configuration 6 [-]

OR	cpe:2.3:o:fedoraproject:fedora:11:::::::*
	cpe:2.3:o:fedoraproject:fedora:12:::::::*
	cpe:2.3:o:fedoraproject:fedora:13:::::::*

Package	CPE	Advisory	Released Date
Extras for RHEL 4
java-1.6.0-sun-1:1.6.0.22-1jpp.1.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2010:0770	2010-10-14T00:00:00Z
java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2010:0807	2010-10-27T00:00:00Z
java-1.4.2-ibm-0:1.4.2.13.7-1jpp.3.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2010:0935	2010-12-01T00:00:00Z
java-1.6.0-ibm-1:1.6.0.9.0-1jpp.3.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2010:0987	2010-12-15T00:00:00Z
java-1.4.2-ibm-0:1.4.2.13.8-1jpp.3.el4	cpe:/a:redhat:rhel_extras:4	RHSA-2011:0152	2011-01-17T00:00:00Z
Red Hat Enterprise Linux 3
krb5-0:1.2.7-72	cpe:/o:redhat:enterprise_linux:3	RHSA-2010:0423	2010-05-18T00:00:00Z
Red Hat Enterprise Linux 4
krb5-0:1.3.4-62.el4_8.2	cpe:/o:redhat:enterprise_linux:4	RHSA-2010:0423	2010-05-18T00:00:00Z
Red Hat Enterprise Linux 5
krb5-0:1.6.1-36.el5_5.4	cpe:/o:redhat:enterprise_linux:5	RHSA-2010:0423	2010-05-18T00:00:00Z
Red Hat Enterprise Linux 6 Supplementary
java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el6	cpe:/a:redhat:rhel_extras:6	RHSA-2010:0873	2010-11-10T00:00:00Z
java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el6	cpe:/a:redhat:rhel_extras:6	RHSA-2010:0987	2010-12-15T00:00:00Z
Red Hat Network Satellite Server v 5.4
java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5	cpe:/a:redhat:network_satellite:5.4::el5	RHSA-2011:0880	2011-06-16T00:00:00Z
Supplementary for Red Hat Enterprise Linux 5
java-1.6.0-sun-1:1.6.0.22-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2010:0770	2010-10-14T00:00:00Z
java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2010:0807	2010-10-27T00:00:00Z
java-1.4.2-ibm-0:1.4.2.13.7-1jpp.3.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2010:0935	2010-12-01T00:00:00Z
java-1.6.0-ibm-1:1.6.0.9.0-1jpp.3.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2010:0987	2010-12-15T00:00:00Z
java-1.4.2-ibm-0:1.4.2.13.8-1jpp.2.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2011:0152	2011-01-17T00:00:00Z

References

Link	Providers
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://osvdb.org/64744
http://secunia.com/advisories/39762
http://secunia.com/advisories/39784
http://secunia.com/advisories/39799
http://secunia.com/advisories/39818
http://secunia.com/advisories/39849
http://secunia.com/advisories/40346
http://secunia.com/advisories/40685
http://secunia.com/advisories/41967
http://secunia.com/advisories/42432
http://secunia.com/advisories/42974
http://secunia.com/advisories/43335
http://secunia.com/advisories/44954
http://support.avaya.com/css/P8/documents/100114315
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
http://www.debian.org/security/2010/dsa-2052
http://www.mandriva.com/security/advisories?name=MDVSA-2010:100
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.redhat.com/support/errata/RHSA-2010-0423.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0873.html
http://www.redhat.com/support/errata/RHSA-2010-0935.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0152.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securityfocus.com/archive/1/511331/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/40235
http://www.ubuntu.com/usn/USN-940-1
http://www.ubuntu.com/usn/USN-940-2
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
http://www.us-cert.gov/cas/techalerts/TA11-201A.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/1177
http://www.vupen.com/english/advisories/2010/1192
http://www.vupen.com/english/advisories/2010/1193
http://www.vupen.com/english/advisories/2010/1196
http://www.vupen.com/english/advisories/2010/1222
http://www.vupen.com/english/advisories/2010/1574
http://www.vupen.com/english/advisories/2010/1882
http://www.vupen.com/english/advisories/2010/3112
http://www.vupen.com/english/advisories/2011/0134
https://nvd.nist.gov/vuln/detail/CVE-2010-1321
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450
https://www.cve.org/CVERecord?id=CVE-2010-1321

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-05-19T18:13:00

Updated: 2024-08-07T01:21:18.983Z

Reserved: 2010-04-08T00:00:00

Link: CVE-2010-1321

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-05-19T18:30:03.303

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1321

Redhat

Severity : Important

Publid Date: 2010-05-18T00:00:00Z

Links: CVE-2010-1321 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2012:0042", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"name": "39818", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39818"}, {"name": "ADV-2011-0134", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0134"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/css/P8/documents/100114315"}, {"name": "39784", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39784"}, {"name": "USN-940-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-940-1"}, {"name": "HPSBMU02799", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"name": "20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"}, {"name": "MDVSA-2010:100", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"}, {"name": "TA11-201A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"}, {"name": "FEDORA-2010-8749", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"}, {"name": "RHSA-2010:0770", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"}, {"name": "40685", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40685"}, {"name": "40235", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40235"}, {"name": "FEDORA-2010-8796", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"}, {"name": "ADV-2010-1574", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1574"}, {"name": "oval:org.mitre.oval:def:7198", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"}, {"name": "ADV-2010-1192", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1192"}, {"name": "39799", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39799"}, {"name": "ADV-2010-1196", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1196"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "SSRT100107", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"name": "39849", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39849"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"}, {"name": "RHSA-2010:0987", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"}, {"name": "44954", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44954"}, {"name": "USN-940-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-940-2"}, {"name": "42432", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42432"}, {"name": "oval:org.mitre.oval:def:7450", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"}, {"name": "39762", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39762"}, {"name": "RHSA-2011:0880", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"}, {"name": "SUSE-SU-2012:0010", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"name": "RHSA-2010:0873", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "HPSBUX02544", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"name": "ADV-2010-1177", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1177"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"}, {"name": "42974", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42974"}, {"name": "ADV-2010-3112", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3112"}, {"name": "FEDORA-2010-8805", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"}, {"name": "TA10-287A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"}, {"name": "43335", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43335"}, {"name": "DSA-2052", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2052"}, {"name": "RHSA-2010:0423", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"}, {"name": "SUSE-SR:2010:019", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"name": "ADV-2010-1882", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1882"}, {"name": "RHSA-2011:0152", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"}, {"name": "40346", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40346"}, {"name": "oval:org.mitre.oval:def:11604", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"}, {"name": "41967", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41967"}, {"name": "RHSA-2010:0807", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"}, {"name": "RHSA-2010:0935", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"}, {"name": "64744", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/64744"}, {"name": "ADV-2010-1222", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1222"}, {"name": "ADV-2010-1193", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1193"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1321", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2012:0042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"name": "39818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39818"}, {"name": "ADV-2011-0134", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0134"}, {"name": "http://support.avaya.com/css/P8/documents/100114315", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100114315"}, {"name": "39784", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39784"}, {"name": "USN-940-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-940-1"}, {"name": "HPSBMU02799", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"name": "20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"}, {"name": "MDVSA-2010:100", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"}, {"name": "TA11-201A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"}, {"name": "FEDORA-2010-8749", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"}, {"name": "RHSA-2010:0770", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"}, {"name": "40685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40685"}, {"name": "40235", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40235"}, {"name": "FEDORA-2010-8796", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"}, {"name": "ADV-2010-1574", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1574"}, {"name": "oval:org.mitre.oval:def:7198", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"}, {"name": "ADV-2010-1192", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1192"}, {"name": "39799", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39799"}, {"name": "ADV-2010-1196", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1196"}, {"name": "SUSE-SR:2010:013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "SSRT100107", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"name": "39849", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39849"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"}, {"name": "RHSA-2010:0987", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"}, {"name": "44954", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44954"}, {"name": "USN-940-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-940-2"}, {"name": "42432", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42432"}, {"name": "oval:org.mitre.oval:def:7450", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"}, {"name": "39762", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39762"}, {"name": "RHSA-2011:0880", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"}, {"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"}, {"name": "SUSE-SU-2012:0010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"name": "RHSA-2010:0873", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"}, {"name": "SUSE-SR:2010:014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "HPSBUX02544", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"name": "ADV-2010-1177", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1177"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"}, {"name": "42974", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42974"}, {"name": "ADV-2010-3112", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3112"}, {"name": "FEDORA-2010-8805", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"}, {"name": "TA10-287A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"}, {"name": "43335", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43335"}, {"name": "DSA-2052", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2052"}, {"name": "RHSA-2010:0423", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"}, {"name": "SUSE-SR:2010:019", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"name": "ADV-2010-1882", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1882"}, {"name": "RHSA-2011:0152", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"}, {"name": "40346", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40346"}, {"name": "oval:org.mitre.oval:def:11604", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"}, {"name": "41967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41967"}, {"name": "RHSA-2010:0807", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"}, {"name": "RHSA-2010:0935", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"}, {"name": "64744", "refsource": "OSVDB", "url": "http://osvdb.org/64744"}, {"name": "ADV-2010-1222", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1222"}, {"name": "ADV-2010-1193", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1193"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:18.983Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2012:0042", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"name": "39818", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39818"}, {"name": "ADV-2011-0134", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0134"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/css/P8/documents/100114315"}, {"name": "39784", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39784"}, {"name": "USN-940-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-940-1"}, {"name": "HPSBMU02799", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"name": "20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"}, {"name": "MDVSA-2010:100", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"}, {"name": "TA11-201A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"}, {"name": "FEDORA-2010-8749", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"}, {"name": "RHSA-2010:0770", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"}, {"name": "40685", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40685"}, {"name": "40235", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40235"}, {"name": "FEDORA-2010-8796", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"}, {"name": "ADV-2010-1574", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1574"}, {"name": "oval:org.mitre.oval:def:7198", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"}, {"name": "ADV-2010-1192", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1192"}, {"name": "39799", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39799"}, {"name": "ADV-2010-1196", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1196"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "SSRT100107", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"name": "39849", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39849"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"}, {"name": "RHSA-2010:0987", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"}, {"name": "44954", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44954"}, {"name": "USN-940-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-940-2"}, {"name": "42432", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42432"}, {"name": "oval:org.mitre.oval:def:7450", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"}, {"name": "39762", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39762"}, {"name": "RHSA-2011:0880", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"}, {"name": "SUSE-SU-2012:0010", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"name": "RHSA-2010:0873", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "HPSBUX02544", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"name": "ADV-2010-1177", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1177"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"}, {"name": "42974", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42974"}, {"name": "ADV-2010-3112", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3112"}, {"name": "FEDORA-2010-8805", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"}, {"name": "TA10-287A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"}, {"name": "43335", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43335"}, {"name": "DSA-2052", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2052"}, {"name": "RHSA-2010:0423", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"}, {"name": "SUSE-SR:2010:019", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"name": "ADV-2010-1882", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1882"}, {"name": "RHSA-2011:0152", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"}, {"name": "40346", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40346"}, {"name": "oval:org.mitre.oval:def:11604", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"}, {"name": "41967", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41967"}, {"name": "RHSA-2010:0807", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"}, {"name": "RHSA-2010:0935", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"}, {"name": "64744", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/64744"}, {"name": "ADV-2010-1222", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1222"}, {"name": "ADV-2010-1193", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1193"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1321", "datePublished": "2010-05-19T18:13:00", "dateReserved": "2010-04-08T00:00:00", "dateUpdated": "2024-08-07T01:21:18.983Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B85FF4C-B0FC-4C93-A0D8-B8F3408DE2F1", "versionEndIncluding": "1.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0EAF595-C746-44D3-914A-AF2FA8D61CE2", "versionEndExcluding": "1.8.2", "versionStartIncluding": "1.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*", "matchCriteriaId": "A9BD9DD2-B468-4732-ABB1-742D83709B54", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:database_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A0FBE74-4AB1-45B3-82BA-8034BB677130", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "matchCriteriaId": "79A35457-EAA3-4BF9-A4DA-B2E414A75A02", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n \"kg_accept_krb5\" en \"krb5/accept_sec_context.c\" de la librer\u00eda GSS-API en MIT Kerberos v5 (tambi\u00e9n conocido como krb5) a trav\u00e9s de v1.7.1 y v1.8 anterior a v1.8.2, como los usados en \"kadmind\" y otras aplicaciones, no comprueban adecuadamente vales (tokens) GSS-API inv\u00e1lidos, que permiten a usuarios autenticados remotamente causar una denegaci\u00f3n de servicio (referencia a puntero nulo y ca\u00edda del demonio) a trav\u00e9s de un mensaje AP-REQ en el cual se pierde el campo \"checksum\" del usuario autenticado."}], "id": "CVE-2010-1321", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-19T18:30:03.303", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://osvdb.org/64744"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39762"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39784"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39799"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39818"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39849"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/40346"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/40685"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/41967"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42432"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42974"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43335"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44954"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/css/P8/documents/100114315"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2052"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/40235"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-940-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-940-2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1177"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1192"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1193"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1196"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1222"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1574"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1882"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3112"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0134"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://osvdb.org/64744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39762"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39799"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39818"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39849"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/40346"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/40685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/41967"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/42974"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/43335"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/44954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/css/P8/documents/100114315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:100"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0423.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0873.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0935.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0152.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/511331/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/40235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-940-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-940-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1882"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank MIT Kerberos Team for reporting this issue. Upstream acknowledges Shawn Emery (Oracle) as the original reporter.", "affected_release": [{"advisory": "RHSA-2010:0770", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.6.0-sun-1:1.6.0.22-1jpp.1.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-10-14T00:00:00Z"}, {"advisory": "RHSA-2010:0807", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-10-27T00:00:00Z"}, {"advisory": "RHSA-2010:0935", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.4.2-ibm-0:1.4.2.13.7-1jpp.3.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0987", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.6.0-ibm-1:1.6.0.9.0-1jpp.3.el4", "product_name": "Extras for RHEL 4", "release_date": "2010-12-15T00:00:00Z"}, {"advisory": "RHSA-2011:0152", "cpe": "cpe:/a:redhat:rhel_extras:4", "package": "java-1.4.2-ibm-0:1.4.2.13.8-1jpp.3.el4", "product_name": "Extras for RHEL 4", "release_date": "2011-01-17T00:00:00Z"}, {"advisory": "RHSA-2010:0423", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "krb5-0:1.2.7-72", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2010-05-18T00:00:00Z"}, {"advisory": "RHSA-2010:0423", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "krb5-0:1.3.4-62.el4_8.2", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-05-18T00:00:00Z"}, {"advisory": "RHSA-2010:0423", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "krb5-0:1.6.1-36.el5_5.4", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-05-18T00:00:00Z"}, {"advisory": "RHSA-2010:0873", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el6", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2010-11-10T00:00:00Z"}, {"advisory": "RHSA-2010:0987", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "java-1.6.0-ibm-1:1.6.0.9.0-1jpp.4.el6", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2010-12-15T00:00:00Z"}, {"advisory": "RHSA-2011:0880", "cpe": "cpe:/a:redhat:network_satellite:5.4::el5", "package": "java-1.6.0-ibm-1:1.6.0.9.1-1jpp.1.el5", "product_name": "Red Hat Network Satellite Server v 5.4", "release_date": "2011-06-16T00:00:00Z"}, {"advisory": "RHSA-2010:0770", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-sun-1:1.6.0.22-1jpp.1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-10-14T00:00:00Z"}, {"advisory": "RHSA-2010:0807", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.5.0-ibm-1:1.5.0.12.2-1jpp.1.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-10-27T00:00:00Z"}, {"advisory": "RHSA-2010:0935", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.4.2-ibm-0:1.4.2.13.7-1jpp.3.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-12-01T00:00:00Z"}, {"advisory": "RHSA-2010:0987", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.6.0-ibm-1:1.6.0.9.0-1jpp.3.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2010-12-15T00:00:00Z"}, {"advisory": "RHSA-2011:0152", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "java-1.4.2-ibm-0:1.4.2.13.8-1jpp.2.el5", "product_name": "Supplementary for Red Hat Enterprise Linux 5", "release_date": "2011-01-17T00:00:00Z"}], "bugzilla": {"description": "krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)", "id": "582466", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=582466"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-476", "details": ["The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing."], "name": "CVE-2010-1321", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-1321\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1321"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object