exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2010-1324

Status Candidate

Overview

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

Related Files

Gentoo Linux Security Advisory 201201-13
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151
SHA-256 | 5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9
VMware Security Advisory 2011-0007
Posted Apr 29, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0007 - VMware ESXi and ESX could encounter a socket exhaustion situation which may lead to a denial of service. Updates to Likewise components and to the ESX Service Console address security vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-2240, CVE-2010-4020, CVE-2010-4021, CVE-2011-1785, CVE-2011-1786
SHA-256 | 5f83afe772b762282a93600a631d74790ef776e16da02e857f1d10bca8105619
HP Security Bulletin HPSBUX02623 SSRT100355
Posted Jan 21, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02623 SSRT100355 - Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited remotely by an unauthorized user to modify data, prompts, or responses. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | hpux
advisories | CVE-2010-1324
SHA-256 | ca37343919cb6c61d84b03811584ab2585bc29f680b21c684e58134373eec5f4
Ubuntu Security Notice USN-1030-1
Posted Dec 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1030-1 - It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to forge GSS tokens or gain privileges. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that Kerberos did not reject RC4 key-derivation checksums. An authenticated remote user could use this issue to forge AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that Kerberos did not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user could use this flaw to impersonate a client. This issue only affected Ubuntu 9.10.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021
SHA-256 | 0108dfeeaad01084183ff13d7fb3e198e3fb0c846d0cc72b52a44bc1fba083cb
Mandriva Linux Security Advisory 2010-246
Posted Dec 1, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-246 - Multiple vulnerabilities were discovered and corrected in krb5. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted pre-existing application session uses a DES session key. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, remote, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021
SHA-256 | 100c7557ed59ca637d4f6b0069c888d50046989349e8acc0e9bed9cabffe8976
MIT krb5 Security Advisory 2010-007
Posted Dec 1, 2010
Site web.mit.edu

Multiple checksum handling vulnerabilities exist in Kerberos. These vulnerabilities are in the MIT implementation of Kerberos (krb5), but because these vulnerabilities arise from flaws in protocol handling logic, other implementations may also be vulnerable.

tags | advisory, vulnerability, protocol
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4020, CVE-2010-4021
SHA-256 | df6ccc1619d5bc92b3ec89421e803287d181c7ce6fa6677e04ea80150ebc84bb
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close