CVE-2010-1323 - Vulnerability Details

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mit	Kerberos Kerberos 5
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mit:kerberos:5-1.5.4:::::::*
	cpe:2.3:a:mit:kerberos_5:1.3:::::::*
	cpe:2.3:a:mit:kerberos_5:1.3:alpha1::::::
	cpe:2.3:a:mit:kerberos_5:1.3.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.3.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.3.3:::::::*
	cpe:2.3:a:mit:kerberos_5:1.3.4:::::::*
	cpe:2.3:a:mit:kerberos_5:1.3.5:::::::*
	cpe:2.3:a:mit:kerberos_5:1.3.6:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.3:::::::*
	cpe:2.3:a:mit:kerberos_5:1.4.4:::::::*
	cpe:2.3:a:mit:kerberos_5:1.5:::::::*
	cpe:2.3:a:mit:kerberos_5:1.5.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.5.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.5.3:::::::*
	cpe:2.3:a:mit:kerberos_5:1.6:::::::*
	cpe:2.3:a:mit:kerberos_5:1.6.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.6.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.7:::::::*
	cpe:2.3:a:mit:kerberos_5:1.7.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.8:::::::*
	cpe:2.3:a:mit:kerberos_5:1.8.1:::::::*
	cpe:2.3:a:mit:kerberos_5:1.8.2:::::::*
	cpe:2.3:a:mit:kerberos_5:1.8.3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
krb5-0:1.3.4-62.el4_8.3	cpe:/o:redhat:enterprise_linux:4	RHSA-2010:0926	2010-11-30T00:00:00Z
Red Hat Enterprise Linux 5
krb5-0:1.6.1-36.el5_5.6	cpe:/o:redhat:enterprise_linux:5	RHSA-2010:0926	2010-11-30T00:00:00Z
Red Hat Enterprise Linux 6
krb5-0:1.8.2-3.el6_0.3	cpe:/o:redhat:enterprise_linux:6	RHSA-2010:0925	2010-11-30T00:00:00Z

References

Link	Providers
http://kb.vmware.com/kb/1035108
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://marc.info/?l=bugtraq&m=129562442714657&w=2
http://marc.info/?l=bugtraq&m=130497213107107&w=2
http://osvdb.org/69610
http://secunia.com/advisories/42399
http://secunia.com/advisories/42420
http://secunia.com/advisories/42436
http://secunia.com/advisories/43015
http://secunia.com/advisories/46397
http://support.apple.com/kb/HT4581
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://www.debian.org/security/2010/dsa-2129
http://www.mandriva.com/security/advisories?name=MDVSA-2010:245
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.redhat.com/support/errata/RHSA-2010-0925.html
http://www.redhat.com/support/errata/RHSA-2010-0926.html
http://www.securityfocus.com/archive/1/514953/100/0/threaded
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.securityfocus.com/archive/1/520102/100/0/threaded
http://www.securityfocus.com/bid/45118
http://www.securitytracker.com/id?1024803
http://www.ubuntu.com/usn/USN-1030-1
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3095
http://www.vupen.com/english/advisories/2010/3101
http://www.vupen.com/english/advisories/2010/3118
http://www.vupen.com/english/advisories/2011/0187
https://nvd.nist.gov/vuln/detail/CVE-2010-1323
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121
https://www.cve.org/CVERecord?id=CVE-2010-1323

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-02T16:00:00

Updated: 2024-08-07T01:21:18.474Z

Reserved: 2010-04-08T00:00:00

Link: CVE-2010-1323

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-12-02T16:22:20.847

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1323

Redhat

Severity : Moderate

Publid Date: 2010-11-30T00:00:00Z

Links: CVE-2010-1323 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2012:0042", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"name": "ADV-2010-3094", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3094"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "MDVSA-2010:246", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"}, {"name": "FEDORA-2010-18425", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"}, {"name": "45118", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45118"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.vmware.com/kb/1035108"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46397"}, {"name": "ADV-2010-3118", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3118"}, {"name": "SSRT100495", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "oval:org.mitre.oval:def:12121", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"}, {"name": "ADV-2011-0187", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0187"}, {"name": "MDVSA-2010:245", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"}, {"name": "69610", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/69610"}, {"name": "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"}, {"name": "RHSA-2010:0926", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"}, {"name": "SUSE-SR:2010:023", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"}, {"name": "APPLE-SA-2011-03-21-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"}, {"name": "42420", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42420"}, {"name": "HPSBUX02623", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"}, {"name": "SSRT100355", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"name": "ADV-2010-3095", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3095"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"name": "ADV-2010-3101", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3101"}, {"name": "42399", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42399"}, {"name": "SUSE-SU-2012:0010", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"}, {"name": "1024803", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024803"}, {"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"}, {"name": "FEDORA-2010-18409", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"}, {"name": "SUSE-SR:2010:024", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"name": "RHSA-2010:0925", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"}, {"name": "USN-1030-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1030-1"}, {"name": "HPSBOV02682", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "43015", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43015"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4581"}, {"name": "DSA-2129", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2129"}, {"name": "42436", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42436"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1323", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2012:0042", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"name": "ADV-2010-3094", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3094"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "MDVSA-2010:246", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"}, {"name": "FEDORA-2010-18425", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"}, {"name": "45118", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45118"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"name": "http://kb.vmware.com/kb/1035108", "refsource": "CONFIRM", "url": "http://kb.vmware.com/kb/1035108"}, {"name": "46397", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46397"}, {"name": "ADV-2010-3118", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3118"}, {"name": "SSRT100495", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "oval:org.mitre.oval:def:12121", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"}, {"name": "ADV-2011-0187", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0187"}, {"name": "MDVSA-2010:245", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"}, {"name": "69610", "refsource": "OSVDB", "url": "http://osvdb.org/69610"}, {"name": "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"}, {"name": "RHSA-2010:0926", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"}, {"name": "SUSE-SR:2010:023", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"}, {"name": "APPLE-SA-2011-03-21-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"}, {"name": "42420", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42420"}, {"name": "HPSBUX02623", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"}, {"name": "SSRT100355", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"name": "ADV-2010-3095", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3095"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"name": "ADV-2010-3101", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3101"}, {"name": "42399", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42399"}, {"name": "SUSE-SU-2012:0010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"}, {"name": "1024803", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024803"}, {"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"}, {"name": "FEDORA-2010-18409", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"}, {"name": "SUSE-SR:2010:024", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"name": "RHSA-2010:0925", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"}, {"name": "USN-1030-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1030-1"}, {"name": "HPSBOV02682", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "43015", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43015"}, {"name": "http://support.apple.com/kb/HT4581", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4581"}, {"name": "DSA-2129", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2129"}, {"name": "42436", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42436"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:18.474Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SU-2012:0042", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"name": "ADV-2010-3094", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3094"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"name": "MDVSA-2010:246", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"}, {"name": "FEDORA-2010-18425", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"}, {"name": "45118", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45118"}, {"name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.vmware.com/kb/1035108"}, {"name": "46397", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46397"}, {"name": "ADV-2010-3118", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3118"}, {"name": "SSRT100495", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "oval:org.mitre.oval:def:12121", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"}, {"name": "ADV-2011-0187", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0187"}, {"name": "MDVSA-2010:245", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"}, {"name": "69610", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/69610"}, {"name": "20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"}, {"name": "RHSA-2010:0926", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"}, {"name": "SUSE-SR:2010:023", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"}, {"name": "APPLE-SA-2011-03-21-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"}, {"name": "42420", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42420"}, {"name": "HPSBUX02623", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"}, {"name": "SSRT100355", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"name": "ADV-2010-3095", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3095"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"name": "ADV-2010-3101", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3101"}, {"name": "42399", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42399"}, {"name": "SUSE-SU-2012:0010", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"name": "[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"}, {"name": "1024803", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024803"}, {"name": "20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"}, {"name": "FEDORA-2010-18409", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"}, {"name": "SUSE-SR:2010:024", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"name": "RHSA-2010:0925", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"}, {"name": "USN-1030-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1030-1"}, {"name": "HPSBOV02682", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"name": "43015", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43015"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4581"}, {"name": "DSA-2129", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2129"}, {"name": "42436", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42436"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1323", "datePublished": "2010-12-02T16:00:00", "dateReserved": "2010-04-08T00:00:00", "dateUpdated": "2024-08-07T01:21:18.474Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos:5-1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "5029A563-699D-4D65-8E94-01E44FD8EF01", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F01A83F-3BD1-4DED-979A-B4B6B23039FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*", "matchCriteriaId": "6B1422F8-CC87-46EA-8649-A12D6E47335D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "ACEB5A36-8F72-417A-AC92-149612EC7BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B8704B5-F37B-4C61-A924-3774A29BFEB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F953CEBA-BAC0-48DF-A3D0-1FABCC9963E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "ED81A044-8A7B-4EEF-A4B3-EA49D76FAAED", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "30AA5727-BD83-45CF-B308-BA5F8A577B9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "0E088E64-6FBD-4148-8F78-506364B7BB1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "52F0EECF-7787-442B-9888-D22F7D36C3DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF344AED-BE00-4A9B-A9DE-C6FB0BEE4617", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "567406CA-58D8-453E-B36E-6D1D2EFC8EB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "7830E03F-A813-4E35-893E-BF27395CEFB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "7764411E-C056-4696-822E-235F2620FAC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4DD315AE-868B-4061-BF01-CDBF59B02499", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B639DD5F-71C7-4D9B-BA5C-51CAF64140B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "2B904DCE-D59F-45C7-A814-DE42CF02792D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "9957FE9E-1E89-4C27-852C-44F866A1834E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "2C382DAA-68D2-4DD9-BE29-8EEB0BAF1A7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "73BB258E-51CF-4D12-836B-BCEA587A3F5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F81DE01C-BA3B-40B4-BD85-17692F0AF8A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "DFB1190E-BE7A-4C6B-862D-D5747C64E980", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B09C090-B842-43C7-B8A6-DBF63D80FEC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "36823B2B-5C72-4FF3-9301-FB263EB8CE09", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "59AFA33E-FEBC-45F5-9EC6-8AA363163FB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "04D83332-B2FD-4E86-A76C-C3F1CD3B3A31", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "758A0011-20ED-414A-9DF3-50A161DF8BC2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys."}, {"lang": "es", "value": "MIT Kerberos 5 (tambi\u00e9n conocido como krb5) v1.3.x, v1.4.x, v1.5.x, v1.6.x, v1.7.x, y v1.8.x hasta v1.8.3 no determina correctamente la aceptabilidad de las sumas de comprobaci\u00f3n, lo que podr\u00eda permitir a un atacante remoto modificar el user-visible prompt text, modificar una respuesta para el KDC (Key Distribution Center) o falsificar un mensaje KRB-SAFE mediante ciertas sumas de comprobaci\u00f3n que (1) est\u00e1n sin clave o (2) usan claves RC4."}], "id": "CVE-2010-1323", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-12-02T16:22:20.847", "references": [{"source": "cve@mitre.org", "url": "http://kb.vmware.com/kb/1035108"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"source": "cve@mitre.org", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/69610"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42399"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/42420"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/42436"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43015"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/46397"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4581"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2129"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/45118"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1024803"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1030-1"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/3094"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/3095"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/3101"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/3118"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0187"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.vmware.com/kb/1035108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.vmware.com/pipermail/security-announce/2011/000133.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=129562442714657&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/69610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42420"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42436"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2129"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:245"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:246"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0925.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0926.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/514953/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517739/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1024803"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1030-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3094"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3095"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank MIT Kerberos Team for reporting this issue.", "affected_release": [{"advisory": "RHSA-2010:0926", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "krb5-0:1.3.4-62.el4_8.3", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-11-30T00:00:00Z"}, {"advisory": "RHSA-2010:0926", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "krb5-0:1.6.1-36.el5_5.6", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-11-30T00:00:00Z"}, {"advisory": "RHSA-2010:0925", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "krb5-0:1.8.2-3.el6_0.3", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2010-11-30T00:00:00Z"}], "bugzilla": {"description": "krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)", "id": "648734", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648734"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys."], "name": "CVE-2010-1323", "public_date": "2010-11-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-1323\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1323"], "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object