FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

krb5 -- unkeyed PAC checksum handling vulnerability

Affected packages
1.7.0 <= krb5 < 1.7.2

Details

VuXML ID 9f971cea-03f5-11e0-bf50-001a926c7637
Discovery 2010-11-30
Entry 2010-12-09

The MIT Kerberos team reports:

MIT krb5 incorrectly accepts an unkeyed checksum for PAC signatures.

An authenticated remote attacker can forge PACs if using a KDC that does not filter client-provided PAC data. This can result in privilege escalation against a service that relies on PAC contents to make authorization decisions.
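The defect the advisory describes is a verifier that trusts whatever checksum type a PAC's signature field names, including types that need no key. The following is an added illustration, not code from MIT krb5 or from the FreeBSD port: it models a PAC server-signature check in Python with a simplified signature layout (a 4-byte little-endian signed SignatureType followed by the raw checksum, computed over the PAC body) and contrasts a verifier that accepts any supported type with one that refuses unkeyed types before computing anything. The checksum type numbers are those of RFC 3961 section 8 and RFC 4757, and the HMAC-MD5 checksum follows RFC 4757 section 4; the key, PAC body and function names are constructed for the example.

```python
"""PAC signature verification with and without a keyed-checksum policy.

Added example for the krb5 unkeyed-PAC-checksum advisory; not MIT's or
FreeBSD's code. Signature layout is simplified: <i SignatureType || checksum.
"""
import hashlib
import hmac
import struct

# Checksum type numbers from RFC 3961 section 8 and RFC 4757.
CKSUMTYPE_CRC32 = 1
CKSUMTYPE_RSA_MD5 = 7
CKSUMTYPE_SHA1 = 10                # 14 is a second registered unkeyed SHA-1 type
CKSUMTYPE_HMAC_MD5 = -138          # RFC 4757, used with RC4-HMAC keys
CKSUMTYPE_HMAC_SHA1_96_AES128 = 15
CKSUMTYPE_HMAC_SHA1_96_AES256 = 16

# Unkeyed types: anyone holding the data can produce a matching value,
# so a signature of these types proves nothing about who produced the PAC.
UNKEYED_CKSUMTYPES = {CKSUMTYPE_CRC32, CKSUMTYPE_RSA_MD5, CKSUMTYPE_SHA1, 14}

# RFC 4757: KERB_NON_KERB_CKSUM_SALT, the key usage number for PAC signatures.
PAC_KEY_USAGE = 17

# Constructed sample inputs (not real key material or a real PAC).
SERVICE_KEY = bytes(range(16))
PAC_BODY = b"user=alice;groups=512,513"
OTHER_BODY = b"user=bob;groups=513"


def hmac_md5_checksum(key: bytes, usage: int, data: bytes) -> bytes:
    """RFC 4757 section 4: Ksign = HMAC(K, "signaturekey\\0"),
    tmp = MD5(usage_le32 || data), checksum = HMAC(Ksign, tmp)."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    tmp = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, tmp, hashlib.md5).digest()


def compute_checksum(cksumtype: int, key: bytes, data: bytes) -> bytes:
    """Compute a checksum of the given type; unkeyed types ignore the key."""
    if cksumtype == CKSUMTYPE_RSA_MD5:
        return hashlib.md5(data).digest()
    if cksumtype == CKSUMTYPE_SHA1:
        return hashlib.sha1(data).digest()
    if cksumtype == CKSUMTYPE_HMAC_MD5:
        return hmac_md5_checksum(key, PAC_KEY_USAGE, data)
    raise ValueError(f"unsupported checksum type {cksumtype}")


def make_signature(cksumtype: int, key: bytes, body: bytes) -> bytes:
    """Build the simplified signature blob for a PAC body."""
    return struct.pack("<i", cksumtype) + compute_checksum(cksumtype, key, body)


def parse_signature(blob: bytes):
    (cksumtype,) = struct.unpack("<i", blob[:4])
    return cksumtype, blob[4:]


def verify_signature_unsafe(body: bytes, blob: bytes, key: bytes) -> bool:
    """Models the flawed behaviour: trusts whatever type the PAC names."""
    cksumtype, sig = parse_signature(blob)
    try:
        expected = compute_checksum(cksumtype, key, body)
    except ValueError:
        return False
    return hmac.compare_digest(expected, sig)


def verify_signature(body: bytes, blob: bytes, key: bytes) -> bool:
    """Hardened: refuse unkeyed checksum types before computing anything."""
    cksumtype, _ = parse_signature(blob)
    if cksumtype in UNKEYED_CKSUMTYPES:
        return False
    return verify_signature_unsafe(body, blob, key)


def demo() -> dict:
    """Run both verifiers over a genuine signature, an unkeyed one, and a wrong key."""
    genuine = make_signature(CKSUMTYPE_HMAC_MD5, SERVICE_KEY, PAC_BODY)
    unkeyed = make_signature(CKSUMTYPE_RSA_MD5, b"", OTHER_BODY)  # no key involved
    return {
        "genuine_unsafe": verify_signature_unsafe(PAC_BODY, genuine, SERVICE_KEY),
        "genuine_hardened": verify_signature(PAC_BODY, genuine, SERVICE_KEY),
        "unkeyed_unsafe": verify_signature_unsafe(OTHER_BODY, unkeyed, SERVICE_KEY),
        "unkeyed_hardened": verify_signature(OTHER_BODY, unkeyed, SERVICE_KEY),
        "wrong_key": verify_signature(PAC_BODY, genuine, b"\x00" * 16),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The hard-coded set of unkeyed types stands in for a query to the crypto layer; krb5 exposes that property through krb5_c_is_keyed_cksum(), and a verifier should consult it rather than a hand-maintained list. The `unkeyed_unsafe` result is the advisory's point in miniature: an unkeyed checksum matches without the service key, so a verifier that accepts it is not checking anything the service trusts.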

References

Bugtraq ID 45116
CVE Name CVE-2010-1324
URL http://osvdb.org/69609
URL http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt