MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
References
Link Providers
http://kb.vmware.com/kb/1035108 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html cve-icon cve-icon
http://lists.vmware.com/pipermail/security-announce/2011/000133.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=129562442714657&w=2 cve-icon cve-icon
http://osvdb.org/69609 cve-icon cve-icon
http://secunia.com/advisories/42399 cve-icon cve-icon
http://secunia.com/advisories/43015 cve-icon cve-icon
http://support.apple.com/kb/HT4581 cve-icon cve-icon
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0925.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/514953/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/517739/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/45116 cve-icon cve-icon
http://www.securitytracker.com/id?1024803 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1030-1 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2011-0007.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3094 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3095 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3118 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0187 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2010-1324 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2010-1324 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-12-02T16:00:00

Updated: 2024-08-07T01:21:18.670Z

Reserved: 2010-04-08T00:00:00

Link: CVE-2010-1324

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-12-02T16:22:20.880

Modified: 2024-11-21T01:14:08.860

Link: CVE-2010-1324

cve-icon Redhat

Severity : Important

Publid Date: 2010-11-30T00:00:00Z

Links: CVE-2010-1324 - Bugzilla