Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2010-1324

Disclosure Date: December 02, 2010 •

CVE-2010-1324 CVSS v3 Base Score: 3.7

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

3.7 Low

Impact Score:

1.4

Exploitability Score:

2.2

Vector:

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

High

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

Low

Availability (A):

None

Vendors

mit

Products

kerberos 5 1.7,
kerberos 5 1.7.1,
kerberos 5 1.8,
kerberos 5 1.8.1,
kerberos 5 1.8.2,
kerberos 5 1.8.3

References

Canonical

CVE-2010-1324 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324)

BID-45116 (http://www.securityfocus.com/bid/45116)

Advisory

ADV-2010-3094 (http://www.vupen.com/english/advisories/2010/3094)

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:246

FEDORA-2010-18425 (http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html)

http://kb.vmware.com/kb/1035108

ADV-2010-3118 (http://www.vupen.com/english/advisories/2010/3118)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936

ADV-2011-0187 (http://www.vupen.com/english/advisories/2011/0187)

20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] (http://www.securityfocus.com/archive/1/514953/100/0/threaded)

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

http://www.vmware.com/security/advisories/VMSA-2011-0007.html

APPLE-SA-2011-03-21-1 (http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html)

OSVDB-69609 (http://osvdb.org/69609)

HPSBUX02623 (http://marc.info?l=bugtraq&m=129562442714657&w=2)

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt

ADV-2010-3095 (http://www.vupen.com/english/advisories/2010/3095)

SECUNIA-42399 (http://secunia.com/advisories/42399)

[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (http://lists.vmware.com/pipermail/security-announce/2011/000133.html)

SECTRACK-1024803 (http://www.securitytracker.com/id?1024803)

20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (http://www.securityfocus.com/archive/1/517739/100/0/threaded)

FEDORA-2010-18409 (http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html)

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://www.redhat.com/support/errata/RHSA-2010-0925.html

USN-1030-1 (http://www.ubuntu.com/usn/USN-1030-1)

SECUNIA-43015 (http://secunia.com/advisories/43015)

http://support.apple.com/kb/HT4581

Rapid7

Technical Analysis