Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-1321

Опубликовано: 18 мая 2010
Источник: redhat
CVSS2: 4
EPSS Низкий

Описание

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6krb5Not affected
Extras for RHEL 4java-1.6.0-sunFixedRHSA-2010:077014.10.2010
Extras for RHEL 4java-1.5.0-ibmFixedRHSA-2010:080727.10.2010
Extras for RHEL 4java-1.4.2-ibmFixedRHSA-2010:093501.12.2010
Extras for RHEL 4java-1.6.0-ibmFixedRHSA-2010:098715.12.2010
Extras for RHEL 4java-1.4.2-ibmFixedRHSA-2011:015217.01.2011
Red Hat Enterprise Linux 3krb5FixedRHSA-2010:042318.05.2010
Red Hat Enterprise Linux 4krb5FixedRHSA-2010:042318.05.2010
Red Hat Enterprise Linux 5krb5FixedRHSA-2010:042318.05.2010
Red Hat Enterprise Linux 6 Supplementaryjava-1.5.0-ibmFixedRHSA-2010:087310.11.2010

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=582466krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)

EPSS

Процентиль: 84%
0.02199
Низкий

4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-1321

ubuntu
около 15 лет назад

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

nvd логотип

CVE-2010-1321

nvd
около 15 лет назад

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

debian логотип

CVE-2010-1321

debian
около 15 лет назад

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-AP ...

github логотип

GHSA-pcm6-6x97-2mrc

github
около 3 лет назад

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

oracle-oval логотип

ELSA-2010-0423

oracle-oval
около 15 лет назад

ELSA-2010-0423: krb5 security update (IMPORTANT)

EPSS

Процентиль: 84%
0.02199
Низкий

4 Medium

CVSS2