FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2010-1324

This CVE name corresponds to:

Entered Topic
2010-12-09 krb5 -- multiple checksum handling vulnerabilities
krb5 -- unkeyed PAC checksum handling vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2010-1324
Phase Assigned(20100408)

Description

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

References

Source Reference
BUGTRAQ 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]
BUGTRAQ 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
MLIST [security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
CONFIRM http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
CONFIRM http://support.apple.com/kb/HT4581
CONFIRM http://kb.vmware.com/kb/1035108
CONFIRM http://www.vmware.com/security/advisories/VMSA-2011-0007.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
APPLE APPLE-SA-2011-03-21-1
FEDORA FEDORA-2010-18409
FEDORA FEDORA-2010-18425
HP HPSBUX02623
HP SSRT100355
MANDRIVA MDVSA-2010:246
REDHAT RHSA-2010:0925
SUSE SUSE-SR:2010:023
SUSE SUSE-SR:2010:024
UBUNTU USN-1030-1
BID 45116
OSVDB 69609
OVAL oval:org.mitre.oval:def:11936
SECTRACK 1024803
SECUNIA 42399
SECUNIA 43015
VUPEN ADV-2010-3094
VUPEN ADV-2010-3095
VUPEN ADV-2010-3118
VUPEN ADV-2011-0187