CVE-2010-1321

 

Published at: - 19-05-2010 08:30

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:N/I:N/A:C

 

Verification logic

 

Reference

• http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
• MDVSA-2010:100-Third Party Advisory
• RHSA-2010:0423-Third Party Advisory
• 40235-Third Party Advisory, VDB Entry
• FEDORA-2010-8749-Third Party Advisory
• 39762-Third Party Advisory
• 64744-Broken Link
• 39818-Third Party Advisory
• ADV-2010-1193-Third Party Advisory
• FEDORA-2010-8796-Third Party Advisory
• FEDORA-2010-8805-Third Party Advisory
• ADV-2010-1196-Third Party Advisory
• ADV-2010-1177-Third Party Advisory
• ADV-2010-1192-Third Party Advisory
• 39784-Third Party Advisory
• 39799-Third Party Advisory
• USN-940-1-Third Party Advisory
• 39849-Third Party Advisory
• ADV-2010-1222-Third Party Advisory
• DSA-2052-Third Party Advisory
• SUSE-SR:2010:013-Mailing List, Third Party Advisory
• ADV-2010-1574-Third Party Advisory
• 40346-Third Party Advisory
• SSRT100107-Broken Link
• USN-940-2-Third Party Advisory
• ADV-2010-1882-Third Party Advisory
• 40685-Third Party Advisory
• SUSE-SR:2010:014-Mailing List, Third Party Advisory
• http://support.avaya.com/css/P8/documents/100114315
• RHSA-2010:0770-Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
• TA10-287A-Third Party Advisory, US Government Resource
• 41967-Third Party Advisory
• RHSA-2010:0807-Third Party Advisory
• RHSA-2010:0935-Third Party Advisory
• RHSA-2010:0873-Third Party Advisory
• ADV-2010-3112-Third Party Advisory
• 42432-Third Party Advisory
• SUSE-SR:2010:019-Mailing List, Third Party Advisory
• RHSA-2010:0987-Third Party Advisory
• ADV-2011-0134-Third Party Advisory
• RHSA-2011:0152-Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
• 42974-Third Party Advisory
• http://www.vmware.com/security/advisories/VMSA-2011-0003.html
• 43335-Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
• RHSA-2011:0880-Third Party Advisory
• TA11-201A-Third Party Advisory, US Government Resource
• 44954-Third Party Advisory
• SUSE-SU-2012:0010-Mailing List, Third Party Advisory
• SUSE-SU-2012:0042-Mailing List, Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
• HPSBMU02799-Issue Tracking, Third Party Advisory
• oval:org.mitre.oval:def:7450-Broken Link, Third Party Advisory
• oval:org.mitre.oval:def:7198-Broken Link, Third Party Advisory
• oval:org.mitre.oval:def:11604-Broken Link, Third Party Advisory
• 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX-Third Party Advisory, VDB Entry
• 20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2010-1321

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures