Search for vulnerabilities
Vulnerability details: VCID-6su2-9y9r-aaaf
Vulnerability ID VCID-6su2-9y9r-aaaf
Aliases CVE-2010-1320
Summary Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-399 Resource Management Errors
CWE-416 Use After Free
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.04465 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.08051 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.08051 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.08051 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14121 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.14687 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
epss 0.21262 https://api.first.org/data/v1/epss?cve=CVE-2010-1320
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=581922
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2010-1320
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1320.json
https://api.first.org/data/v1/epss?cve=CVE-2010-1320
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320
http://secunia.com/advisories/39656
http://secunia.com/advisories/39784
http://secunia.com/advisories/40220
http://securitytracker.com/id?1023904
http://support.apple.com/kb/HT4188
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
http://www.securityfocus.com/archive/1/510843/100/0/threaded
http://www.securityfocus.com/bid/39599
http://www.ubuntu.com/usn/USN-940-1
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1192
http://www.vupen.com/english/advisories/2010/1481
577490 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490
581922 https://bugzilla.redhat.com/show_bug.cgi?id=581922
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
CVE-2010-1320 https://nvd.nist.gov/vuln/detail/CVE-2010-1320
CVE-2010-1320;OSVDB-63975 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33855.txt
CVE-2010-1320;OSVDB-63975 Exploit https://www.securityfocus.com/bid/39599/info
GLSA-201201-13 https://security.gentoo.org/glsa/201201-13
USN-940-1 https://usn.ubuntu.com/940-1/
Data source Exploit-DB
Date added April 20, 2010
Description MIT Kerberos 5 - 'src/kdc/do_tgs_req.c' Ticket Renewal Double-Free Memory Corruption
Ransomware campaign use Known
Source publication date April 20, 2010
Exploit type remote
Platform linux
Source update date June 24, 2014
Source URL https://www.securityfocus.com/bid/39599/info
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-1320
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.92638
EPSS Score 0.04465
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.