First published: Wed May 19 2010
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MIT Kerberos 5 | <=1.7.1 | |
MIT Kerberos 5 | >=1.8<1.8.2 | |
Debian GNU/Linux | =5.0 | |
Debian GNU/Linux | =6.0 | |
Ubuntu Linux | =6.06 | |
Ubuntu Linux | =8.04 | |
Ubuntu Linux | =9.04 | |
Ubuntu Linux | =9.10 | |
Ubuntu Linux | =10.04 | |
Oracle Database | | |
openSUSE | =11.0 | |
openSUSE | =11.1 | |
openSUSE | =11.2 | |
openSUSE | =11.3 | |
SUSE Linux Enterprise Server | =10-sp3 | |
SUSE Linux Enterprise Server | =11 | |
SUSE Linux Enterprise Server | =11-sp1 | |
Fedoraproject Fedora | =11 | |
Fedoraproject Fedora | =12 | |
Fedoraproject Fedora | =13 | |
MIT Kerberos 5 Application | >=1.8<1.8.2 | |
MIT Kerberos 5 Application | <=1.7.1 | |
Debian | =5.0 | |
Debian | =6.0 | |
Ubuntu | =9.04 | |
Ubuntu | =9.10 | |
Ubuntu | =10.04 | |
Ubuntu | =8.04 | |
Ubuntu | =6.06 | |
Fedora | =11 | |
Fedora | =13 | |
Fedora | =12 | |
CVE-2010-1321 has been classified as a moderate severity vulnerability that could lead to denial of service.
To fix CVE-2010-1321, upgrade your MIT Kerberos 5 implementation to version 1.8.2 or later.
CVE-2010-1321 affects MIT Kerberos 5 versions up to 1.8.1 and Debian and Ubuntu versions listed in the vulnerability report.
Yes, CVE-2010-1321 can be exploited by remote authenticated users.
CVE-2010-1321 can result in denial of service, making systems unresponsive due to improper handling of GSS-API tokens.