Exploit the possiblities
Showing 1 - 5 of 5 RSS Feed

CVE-2010-4021

Status Candidate

Overview

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."

Related Files

Gentoo Linux Security Advisory 201201-13
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151
MD5 | 2ae92c1cf6aa850675b9c489b3eb7e1f
VMware Security Advisory 2011-0007
Posted Apr 29, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0007 - VMware ESXi and ESX could encounter a socket exhaustion situation which may lead to a denial of service. Updates to Likewise components and to the ESX Service Console address security vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-2240, CVE-2010-4020, CVE-2010-4021, CVE-2011-1785, CVE-2011-1786
MD5 | 18fcd61472c2d3dc5117dfc507ce0b0f
Ubuntu Security Notice USN-1030-1
Posted Dec 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1030-1 - It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to forge GSS tokens or gain privileges. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that Kerberos did not reject RC4 key-derivation checksums. An authenticated remote user could use this issue to forge AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that Kerberos did not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user could use this flaw to impersonate a client. This issue only affected Ubuntu 9.10.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021
MD5 | f72ba646bdcdda4591d1e8ad8033a597
Mandriva Linux Security Advisory 2010-246
Posted Dec 1, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-246 - Multiple vulnerabilities were discovered and corrected in krb5. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted pre-existing application session uses a DES session key. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, remote, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021
MD5 | 85d691e5ee29086d261810513a139025
MIT krb5 Security Advisory 2010-007
Posted Dec 1, 2010
Site web.mit.edu

Multiple checksum handling vulnerabilities exist in Kerberos. These vulnerabilities are in the MIT implementation of Kerberos (krb5), but because these vulnerabilities arise from flaws in protocol handling logic, other implementations may also be vulnerable.

tags | advisory, vulnerability, protocol
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4020, CVE-2010-4021
MD5 | 1897f1676de7fd163c070aba1c60fe1c
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    8 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close