FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1323

This CVE name corresponds to:

Entered Topic
2010-12-09 krb5 -- multiple checksum handling vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2010-1323 at cve.mitre.org

Details

Type Candidate
Name CVE-2010-1323
Phase Assigned(20100408)

Description

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

References

Source Reference
BUGTRAQ 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]
BUGTRAQ 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
BUGTRAQ 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
MLIST [security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
CONFIRM http://support.apple.com/kb/HT4581
CONFIRM http://kb.vmware.com/kb/1035108
CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0007.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0012.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
APPLE APPLE-SA-2011-03-21-1
DEBIAN DSA-2129
FEDORA FEDORA-2010-18409
FEDORA FEDORA-2010-18425
HP HPSBUX02623
HP SSRT100355
HP HPSBOV02682
HP SSRT100495
MANDRIVA MDVSA-2010:245
MANDRIVA MDVSA-2010:246
REDHAT RHSA-2010:0925
REDHAT RHSA-2010:0926
SUSE SUSE-SR:2010:023
SUSE SUSE-SR:2010:024
SUSE SUSE-SU-2012:0010
SUSE SUSE-SU-2012:0042
UBUNTU USN-1030-1
BID 45118
OSVDB 69610
OVAL oval:org.mitre.oval:def:12121
SECTRACK 1024803
SECUNIA 42399
SECUNIA 42420
SECUNIA 42436
SECUNIA 43015
SECUNIA 46397
VUPEN ADV-2010-3094
VUPEN ADV-2010-3095
VUPEN ADV-2010-3101
VUPEN ADV-2010-3118
VUPEN ADV-2011-0187

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.