4.3
CVE-2010-1324
- EPSS 2.25%
- Veröffentlicht 02.12.2010 16:22:20
- Zuletzt bearbeitet 16.06.2026 23:18:08
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mit ≫ Kerberos 5 Version1.7
Mit ≫ Kerberos 5 Version1.7.1
Mit ≫ Kerberos 5 Version1.8
Mit ≫ Kerberos 5 Version1.8.1
Mit ≫ Kerberos 5 Version1.8.2
Mit ≫ Kerberos 5 Version1.8.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.25% | 0.806 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.7 | 2.2 | 1.4 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
http://support.apple.com/kb/HT4581
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
http://www.securityfocus.com/archive/1/517739/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
http://kb.vmware.com/kb/1035108
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
http://marc.info/?l=bugtraq&m=129562442714657&w=2
http://secunia.com/advisories/42399
http://secunia.com/advisories/43015
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.redhat.com/support/errata/RHSA-2010-0925.html
http://www.securityfocus.com/archive/1/514953/100/0/threaded
http://www.securitytracker.com/id?1024803
http://www.ubuntu.com/usn/USN-1030-1
http://www.vupen.com/english/advisories/2010/3094
http://www.vupen.com/english/advisories/2010/3095
http://www.vupen.com/english/advisories/2010/3118
http://www.vupen.com/english/advisories/2011/0187
http://osvdb.org/69609
http://www.securityfocus.com/bid/45116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936