Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2010-1323

Disclosure Date: December 02, 2010
CVE-2010-1323 CVSS v3 Base Score: 3.7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
3.7 Low
Impact Score:
1.4
Exploitability Score:
2.2
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • mit

Products

  • kerberos 5 1.3,
  • kerberos 5 1.3.1,
  • kerberos 5 1.3.2,
  • kerberos 5 1.3.3,
  • kerberos 5 1.3.4,
  • kerberos 5 1.3.5,
  • kerberos 5 1.3.6,
  • kerberos 5 1.4,
  • kerberos 5 1.4.1,
  • kerberos 5 1.4.2,
  • kerberos 5 1.4.3,
  • kerberos 5 1.4.4,
  • kerberos 5 1.5,
  • kerberos 5 1.5.1,
  • kerberos 5 1.5.2,
  • kerberos 5 1.5.3,
  • kerberos 5 1.6,
  • kerberos 5 1.6.1,
  • kerberos 5 1.6.2,
  • kerberos 5 1.7,
  • kerberos 5 1.7.1,
  • kerberos 5 1.8,
  • kerberos 5 1.8.1,
  • kerberos 5 1.8.2,
  • kerberos 5 1.8.3,
  • kerberos 5-1.5.4

References

Canonical
CVE-2010-1323 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323)
BID-45118 (http://www.securityfocus.com/bid/45118)
Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
ADV-2010-3094 (http://www.vupen.com/english/advisories/2010/3094)
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
FEDORA-2010-18425 (http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html)
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (http://www.securityfocus.com/archive/1/520102/100/0/threaded)
http://kb.vmware.com/kb/1035108
SECUNIA-46397 (http://secunia.com/advisories/46397)
ADV-2010-3118 (http://www.vupen.com/english/advisories/2010/3118)
SSRT100495 (http://marc.info?l=bugtraq&m=130497213107107&w=2)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121
ADV-2011-0187 (http://www.vupen.com/english/advisories/2011/0187)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:245
OSVDB-69610 (http://osvdb.org/69610)
20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] (http://www.securityfocus.com/archive/1/514953/100/0/threaded)
http://www.redhat.com/support/errata/RHSA-2010-0926.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
APPLE-SA-2011-03-21-1 (http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html)
SECUNIA-42420 (http://secunia.com/advisories/42420)
HPSBUX02623 (http://marc.info?l=bugtraq&m=129562442714657&w=2)
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
ADV-2010-3095 (http://www.vupen.com/english/advisories/2010/3095)
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
ADV-2010-3101 (http://www.vupen.com/english/advisories/2010/3101)
SECUNIA-42399 (http://secunia.com/advisories/42399)
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
[security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (http://lists.vmware.com/pipermail/security-announce/2011/000133.html)
SECTRACK-1024803 (http://www.securitytracker.com/id?1024803)
20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console (http://www.securityfocus.com/archive/1/517739/100/0/threaded)
FEDORA-2010-18409 (http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html)
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.redhat.com/support/errata/RHSA-2010-0925.html
USN-1030-1 (http://www.ubuntu.com/usn/USN-1030-1)
SECUNIA-43015 (http://secunia.com/advisories/43015)
http://support.apple.com/kb/HT4581
DSA-2129 (http://www.debian.org/security/2010/dsa-2129)
SECUNIA-42436 (http://secunia.com/advisories/42436)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis