4.3

CVE-2010-1324

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version1.7
MitKerberos 5 Version1.7.1
MitKerberos 5 Version1.8
MitKerberos 5 Version1.8.1
MitKerberos 5 Version1.8.2
MitKerberos 5 Version1.8.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.25% 0.806
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 2.2 1.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://support.apple.com/kb/HT4581
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://kb.vmware.com/kb/1035108
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
http://marc.info/?l=bugtraq&m=129562442714657&w=2
http://secunia.com/advisories/42399
Vendor Advisory
http://secunia.com/advisories/43015
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0925.html
http://www.securityfocus.com/archive/1/514953/100/0/threaded
http://www.securitytracker.com/id?1024803
http://www.ubuntu.com/usn/USN-1030-1
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3095
http://www.vupen.com/english/advisories/2010/3118
http://www.vupen.com/english/advisories/2011/0187
http://osvdb.org/69609
http://www.securityfocus.com/bid/45116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936