// For flags

CVE-2010-1321

krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

Vulnerabilidad en la función "kg_accept_krb5" en "krb5/accept_sec_context.c" de la librería GSS-API en MIT Kerberos v5 (también conocido como krb5) a través de v1.7.1 y v1.8 anterior a v1.8.2, como los usados en "kadmind" y otras aplicaciones, no comprueban adecuadamente vales (tokens) GSS-API inválidos, que permiten a usuarios autenticados remotamente causar una denegación de servicio (referencia a puntero nulo y caída del demonio) a través de un mensaje AP-REQ en el cual se pierde el campo "checksum" del usuario autenticado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-04-08 CVE Reserved
  • 2010-05-19 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
References (61)
URL Tag Source
http://osvdb.org/64744 Broken Link
http://secunia.com/advisories/39762 Third Party Advisory
http://secunia.com/advisories/39784 Third Party Advisory
http://secunia.com/advisories/39799 Third Party Advisory
http://secunia.com/advisories/39818 Third Party Advisory
http://secunia.com/advisories/39849 Third Party Advisory
http://secunia.com/advisories/40346 Third Party Advisory
http://secunia.com/advisories/40685 Third Party Advisory
http://secunia.com/advisories/41967 Third Party Advisory
http://secunia.com/advisories/42432 Third Party Advisory
http://secunia.com/advisories/42974 Third Party Advisory
http://secunia.com/advisories/43335 Third Party Advisory
http://secunia.com/advisories/44954 Third Party Advisory
http://support.avaya.com/css/P8/documents/100114315 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html Third Party Advisory
http://www.securityfocus.com/archive/1/511331/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/516397/100/0/threaded Mailing List
http://www.securityfocus.com/bid/40235 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA10-287A.html Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA11-201A.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2011-0003.html Third Party Advisory
http://www.vupen.com/english/advisories/2010/1177 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1192 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1193 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1196 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1222 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1574 Third Party Advisory
http://www.vupen.com/english/advisories/2010/1882 Third Party Advisory
http://www.vupen.com/english/advisories/2010/3112 Third Party Advisory
http://www.vupen.com/english/advisories/2011/0134 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450 Broken Link
URL Date SRC
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 2021-02-02
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html 2021-02-02
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html 2021-02-02
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html 2021-02-02
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html 2021-02-02
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html 2021-02-02
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html 2021-02-02
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html 2021-02-02
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html 2021-02-02
http://marc.info/?l=bugtraq&m=134254866602253&w=2 2021-02-02
http://www.debian.org/security/2010/dsa-2052 2021-02-02
http://www.mandriva.com/security/advisories?name=MDVSA-2010:100 2021-02-02
http://www.redhat.com/support/errata/RHSA-2010-0423.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2010-0770.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2010-0807.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2010-0873.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2010-0935.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2010-0987.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2011-0152.html 2021-02-02
http://www.redhat.com/support/errata/RHSA-2011-0880.html 2021-02-02
http://www.ubuntu.com/usn/USN-940-1 2021-02-02
http://www.ubuntu.com/usn/USN-940-2 2021-02-02
https://access.redhat.com/security/cve/CVE-2010-1321 2011-06-16
https://bugzilla.redhat.com/show_bug.cgi?id=582466 2011-06-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mit
Search vendor "Mit"
Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
<= 1.7.1
Search vendor "Mit" for product "Kerberos 5" and version " <= 1.7.1"
-
Affected
Mit
Search vendor "Mit"
Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
>= 1.8 < 1.8.2
Search vendor "Mit" for product "Kerberos 5" and version " >= 1.8 < 1.8.2"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
6.0
Search vendor "Debian" for product "Debian Linux" and version "6.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
9.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
9.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
10.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
--
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
11.0
Search vendor "Opensuse" for product "Opensuse" and version "11.0"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
11.1
Search vendor "Opensuse" for product "Opensuse" and version "11.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
11.2
Search vendor "Opensuse" for product "Opensuse" and version "11.2"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
11.3
Search vendor "Opensuse" for product "Opensuse" and version "11.3"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
10
Search vendor "Suse" for product "Linux Enterprise Server" and version "10"
sp3
Affected
Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
11
Search vendor "Suse" for product "Linux Enterprise Server" and version "11"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
11
Search vendor "Suse" for product "Linux Enterprise Server" and version "11"
sp1
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
11
Search vendor "Fedoraproject" for product "Fedora" and version "11"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
12
Search vendor "Fedoraproject" for product "Fedora" and version "12"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
13
Search vendor "Fedoraproject" for product "Fedora" and version "13"
-
Affected