CVE-2010-1321 - Secunia

Blog

Careers

Secunia SmallBusiness

Products

Solutions

Customers

Partner

Resources

Company

Careers

Community

CVE Reference: CVE-2010-1321
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2010-1321

Description: The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/USN-940-1 http://www.ubuntu.com/usn/USN-940-2 SUSE http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SAID Secunia Advisory: SA44954 Secunia Advisory: SA42974 Secunia Advisory: SA43335 Secunia Advisory: SA42432 Secunia Advisory: SA41967 Secunia Advisory: SA40685 Secunia Advisory: SA40346 Secunia Advisory: SA39849 Secunia Advisory: SA39799 Secunia Advisory: SA39784 Secunia Advisory: SA39818 Secunia Advisory: SA39762 REDHAT http://www.redhat.com/support/errata/RHSA-2011-0880.html http://www.redhat.com/support/errata/RHSA-2010-0873.html http://www.redhat.com/support/errata/RHSA-2010-0935.html http://www.redhat.com/support/errata/RHSA-2011-0152.html http://www.redhat.com/support/errata/RHSA-2010-0987.html http://www.redhat.com/support/errata/RHSA-2010-0807.html http://www.redhat.com/support/errata/RHSA-2010-0770.html http://www.redhat.com/support/errata/RHSA-2010-0423.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7450 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7198 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11604 OSVDB 64744 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:100 HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html DEBIAN http://www.debian.org/security/2010/dsa-2052 CONFIRM http://support.avaya.com/css/P8/documents/100114315 http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.vmware.com/security/advisories/VMSA-2011-0003.html http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt CERT http://www.us-cert.gov/cas/techalerts/TA11-201A.html http://www.us-cert.gov/cas/techalerts/TA10-287A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/511331/100/0/threaded BID 40235

Return to the previous page.

Products

Solutions

Customers

Partner

Resources

Company

Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)

Industry
Compliance
Technology
Integration

Customers
Testimonials

VARS
MSSP
Technology Partners
References

Factsheets
Reports
Webinars
Events

About us
Careers
Memberships
Newsroom

© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability