// For flags

CVE-2010-1323

krb5: incorrect acceptance of certain checksums (MITKRB5-SA-2010-007)

Severity Score

3.7
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

MIT Kerberos 5 (también conocido como krb5) v1.3.x, v1.4.x, v1.5.x, v1.6.x, v1.7.x, y v1.8.x hasta v1.8.3 no determina correctamente la aceptabilidad de las sumas de comprobación, lo que podría permitir a un atacante remoto modificar el user-visible prompt text, modificar una respuesta para el KDC (Key Distribution Center) o falsificar un mensaje KRB-SAFE mediante ciertas sumas de comprobación que (1) están sin clave o (2) usan claves RC4.

It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to forge GSS tokens or gain privileges. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that Kerberos did not reject RC4 key-derivation checksums. An authenticated remote user could use this issue to forge AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that Kerberos did not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user could use this flaw to impersonate a client. This issue only affected Ubuntu 9.10.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-04-08 CVE Reserved
  • 2010-12-01 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-07-18 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
References (41)
URL Tag Source
http://kb.vmware.com/kb/1035108 X_refsource_confirm
http://lists.vmware.com/pipermail/security-announce/2011/000133.html Mailing List
http://osvdb.org/69610 Vdb Entry
http://secunia.com/advisories/42420 Third Party Advisory
http://secunia.com/advisories/42436 Third Party Advisory
http://secunia.com/advisories/43015 Third Party Advisory
http://secunia.com/advisories/46397 Third Party Advisory
http://support.apple.com/kb/HT4581 X_refsource_confirm
http://www.securityfocus.com/archive/1/514953/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/517739/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/520102/100/0/threaded Mailing List
http://www.securityfocus.com/bid/45118 Vdb Entry
http://www.securitytracker.com/id?1024803 Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2011-0007.html X_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2011-0012.html X_refsource_confirm
http://www.vupen.com/english/advisories/2010/3094 Vdb Entry
http://www.vupen.com/english/advisories/2010/3095 Vdb Entry
http://www.vupen.com/english/advisories/2010/3101 Vdb Entry
http://www.vupen.com/english/advisories/2010/3118 Vdb Entry
http://www.vupen.com/english/advisories/2011/0187 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121 Signature
URL Date SRC
URL Date SRC
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html 2020-01-21
URL Date SRC
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html 2020-01-21
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html 2020-01-21
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html 2020-01-21
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html 2020-01-21
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html 2020-01-21
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html 2020-01-21
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html 2020-01-21
http://marc.info/?l=bugtraq&m=129562442714657&w=2 2020-01-21
http://marc.info/?l=bugtraq&m=130497213107107&w=2 2020-01-21
http://secunia.com/advisories/42399 2020-01-21
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt 2020-01-21
http://www.debian.org/security/2010/dsa-2129 2020-01-21
http://www.mandriva.com/security/advisories?name=MDVSA-2010:245 2020-01-21
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246 2020-01-21
http://www.redhat.com/support/errata/RHSA-2010-0925.html 2020-01-21
http://www.redhat.com/support/errata/RHSA-2010-0926.html 2020-01-21
http://www.ubuntu.com/usn/USN-1030-1 2020-01-21
https://access.redhat.com/security/cve/CVE-2010-1323 2010-11-30
https://bugzilla.redhat.com/show_bug.cgi?id=648734 2010-11-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mit
Search vendor "Mit"
 Kerberos
Search vendor "Mit" for product "Kerberos"
 5-1.5.4
Search vendor "Mit" for product "Kerberos" and version "5-1.5.4"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.3
Search vendor "Mit" for product "Kerberos 5" and version "1.3"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.3
Search vendor "Mit" for product "Kerberos 5" and version "1.3"
alpha1
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.3.1
Search vendor "Mit" for product "Kerberos 5" and version "1.3.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.3.2
Search vendor "Mit" for product "Kerberos 5" and version "1.3.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.3.3
Search vendor "Mit" for product "Kerberos 5" and version "1.3.3"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.3.4
Search vendor "Mit" for product "Kerberos 5" and version "1.3.4"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.3.5
Search vendor "Mit" for product "Kerberos 5" and version "1.3.5"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.3.6
Search vendor "Mit" for product "Kerberos 5" and version "1.3.6"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.4
Search vendor "Mit" for product "Kerberos 5" and version "1.4"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.4.1
Search vendor "Mit" for product "Kerberos 5" and version "1.4.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.4.2
Search vendor "Mit" for product "Kerberos 5" and version "1.4.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.4.3
Search vendor "Mit" for product "Kerberos 5" and version "1.4.3"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.4.4
Search vendor "Mit" for product "Kerberos 5" and version "1.4.4"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.5
Search vendor "Mit" for product "Kerberos 5" and version "1.5"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.5.1
Search vendor "Mit" for product "Kerberos 5" and version "1.5.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.5.2
Search vendor "Mit" for product "Kerberos 5" and version "1.5.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.5.3
Search vendor "Mit" for product "Kerberos 5" and version "1.5.3"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.6
Search vendor "Mit" for product "Kerberos 5" and version "1.6"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.6.1
Search vendor "Mit" for product "Kerberos 5" and version "1.6.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.6.2
Search vendor "Mit" for product "Kerberos 5" and version "1.6.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.7
Search vendor "Mit" for product "Kerberos 5" and version "1.7"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.7.1
Search vendor "Mit" for product "Kerberos 5" and version "1.7.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8
Search vendor "Mit" for product "Kerberos 5" and version "1.8"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.1
Search vendor "Mit" for product "Kerberos 5" and version "1.8.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.2
Search vendor "Mit" for product "Kerberos 5" and version "1.8.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.3
Search vendor "Mit" for product "Kerberos 5" and version "1.8.3"
-
Affected