what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2010-4021

Status Candidate

Overview

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."

Related Files

Gentoo Linux Security Advisory 201201-13
Posted Jan 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151
SHA-256 | 5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9
VMware Security Advisory 2011-0007
Posted Apr 29, 2011
Authored by VMware | Site vmware.com

VMware Security Advisory 2011-0007 - VMware ESXi and ESX could encounter a socket exhaustion situation which may lead to a denial of service. Updates to Likewise components and to the ESX Service Console address security vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-2240, CVE-2010-4020, CVE-2010-4021, CVE-2011-1785, CVE-2011-1786
SHA-256 | 5f83afe772b762282a93600a631d74790ef776e16da02e857f1d10bca8105619
Ubuntu Security Notice USN-1030-1
Posted Dec 10, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1030-1 - It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to forge GSS tokens or gain privileges. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that Kerberos did not reject RC4 key-derivation checksums. An authenticated remote user could use this issue to forge AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that Kerberos did not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user could use this flaw to impersonate a client. This issue only affected Ubuntu 9.10.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021
SHA-256 | 0108dfeeaad01084183ff13d7fb3e198e3fb0c846d0cc72b52a44bc1fba083cb
Mandriva Linux Security Advisory 2010-246
Posted Dec 1, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-246 - Multiple vulnerabilities were discovered and corrected in krb5. An unauthenticated remote attacker could alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. An unauthenticated remote attacker has a 1/256 chance of forging KRB-SAFE messages in an application protocol if the targeted pre-existing session uses an RC4 session key. An unauthenticated remote attacker can forge GSS tokens that are intended to be integrity-protected but unencrypted, if the targeted pre-existing application session uses a DES session key. Various other issues have also been addressed. The updated packages have been patched to correct these issues.

tags | advisory, remote, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021
SHA-256 | 100c7557ed59ca637d4f6b0069c888d50046989349e8acc0e9bed9cabffe8976
MIT krb5 Security Advisory 2010-007
Posted Dec 1, 2010
Site web.mit.edu

Multiple checksum handling vulnerabilities exist in Kerberos. These vulnerabilities are in the MIT implementation of Kerberos (krb5), but because these vulnerabilities arise from flaws in protocol handling logic, other implementations may also be vulnerable.

tags | advisory, vulnerability, protocol
advisories | CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4020, CVE-2010-4021
SHA-256 | df6ccc1619d5bc92b3ec89421e803287d181c7ce6fa6677e04ea80150ebc84bb
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    12 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close