what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2010-1322

Status Candidate

Overview

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.

Related Files

Gentoo Linux Security Advisory 201201-13
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151
MD5 | 2ae92c1cf6aa850675b9c489b3eb7e1f
Mandriva Linux Security Advisory 2010-202
Posted Nov 3, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue. Update packages for MES5 were missing with the MDVSA-2010:202 advisory. This advisory provides the update packages.

tags | advisory, remote, denial of service, arbitrary, spoof
systems | linux, windows, mandriva
advisories | CVE-2010-1322
MD5 | 042f46dc2f15ab02526656b8fc506eca
Mandriva Linux Security Advisory 2010-202
Posted Oct 14, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, arbitrary, spoof
systems | linux, windows, mandriva
advisories | CVE-2010-1322
MD5 | 08fa472fa70a5aa1af12496fc84cba16
Ubuntu Security Notice 999-1
Posted Oct 5, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 999-1 - Mike Roszkowski discovered that the Kerberos KDC did not correctly validate the contents of certain messages. If an authenticated remote attacker sent specially crafted TGS requests, the KDC service would crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2010-1322
MD5 | 7b1e451faaf87034587fd71dbddf2aa6
MIT krb5 Security Advisory 2010-006
Posted Oct 5, 2010
Site web.mit.edu

MIT krb5 Security Advisory 2010-006 - When the MIT krb5 KDC receives certain Kerberos TGS request messages, it may dereference an uninitialized pointer while processing authorization data, causing a crash, or in rare cases, unauthorized information disclosure, ticket modification, or execution of arbitrary code. The crash may be triggered by legitimate requests. This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol.

tags | advisory, arbitrary, protocol, info disclosure
advisories | CVE-2010-1322
MD5 | f695c431be057e39456eb0a96ef562ce
Page 1 of 1
Back1Next

File Archive:

August 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    1 Files
  • 2
    Aug 2nd
    7 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close