Vulnerability details: VCID-vm7d-hfcr-aaar
Vulnerability ID VCID-vm7d-hfcr-aaar
Aliases CVE-2010-1321
Summary The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
cvssv3.1 6.1 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
generic_textual MODERATE http://marc.info/?l=bugtraq&m=134254866602253&w=2
rhas Important https://access.redhat.com/errata/RHSA-2010:0423
rhas Critical https://access.redhat.com/errata/RHSA-2010:0770
rhas Critical https://access.redhat.com/errata/RHSA-2010:0807
rhas Critical https://access.redhat.com/errata/RHSA-2010:0873
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0935
rhas Critical https://access.redhat.com/errata/RHSA-2010:0987
rhas Moderate https://access.redhat.com/errata/RHSA-2011:0152
rhas Low https://access.redhat.com/errata/RHSA-2011:0880
epss 0.00991 https://api.first.org/data/v1/epss?cve=CVE-2010-1321
epss 0.01399 https://api.first.org/data/v1/epss?cve=CVE-2010-1321
epss 0.02199 https://api.first.org/data/v1/epss?cve=CVE-2010-1321
epss 0.0242 https://api.first.org/data/v1/epss?cve=CVE-2010-1321
epss 0.04010 https://api.first.org/data/v1/epss?cve=CVE-2010-1321
epss 0.04351 https://api.first.org/data/v1/epss?cve=CVE-2010-1321
epss 0.05570 https://api.first.org/data/v1/epss?cve=CVE-2010-1321
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=582466
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2010-1321
generic_textual MODERATE http://support.avaya.com/css/P8/documents/100114315
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0770.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0807.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2010-0987.html
generic_textual MODERATE http://www.redhat.com/support/errata/RHSA-2011-0880.html
generic_textual MODERATE http://www.us-cert.gov/cas/techalerts/TA10-287A.html
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2011-0003.html
Reference id Reference type URL
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://osvdb.org/64744
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1321.json
https://api.first.org/data/v1/epss?cve=CVE-2010-1321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321
http://secunia.com/advisories/39762
http://secunia.com/advisories/39784
http://secunia.com/advisories/39799
http://secunia.com/advisories/39818
http://secunia.com/advisories/39849
http://secunia.com/advisories/40346
http://secunia.com/advisories/40685
http://secunia.com/advisories/41967
http://secunia.com/advisories/42432
http://secunia.com/advisories/42974
http://secunia.com/advisories/43335
http://secunia.com/advisories/44954
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450
http://support.avaya.com/css/P8/documents/100114315
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt
http://www.debian.org/security/2010/dsa-2052
http://www.mandriva.com/security/advisories?name=MDVSA-2010:100
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
http://www.redhat.com/support/errata/RHSA-2010-0423.html
http://www.redhat.com/support/errata/RHSA-2010-0770.html
http://www.redhat.com/support/errata/RHSA-2010-0807.html
http://www.redhat.com/support/errata/RHSA-2010-0873.html
http://www.redhat.com/support/errata/RHSA-2010-0935.html
http://www.redhat.com/support/errata/RHSA-2010-0987.html
http://www.redhat.com/support/errata/RHSA-2011-0152.html
http://www.redhat.com/support/errata/RHSA-2011-0880.html
http://www.securityfocus.com/archive/1/511331/100/0/threaded
http://www.securityfocus.com/archive/1/516397/100/0/threaded
http://www.securityfocus.com/bid/40235
http://www.ubuntu.com/usn/USN-940-1
http://www.ubuntu.com/usn/USN-940-2
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
http://www.us-cert.gov/cas/techalerts/TA11-201A.html
http://www.vmware.com/security/advisories/VMSA-2011-0003.html
http://www.vupen.com/english/advisories/2010/1177
http://www.vupen.com/english/advisories/2010/1192
http://www.vupen.com/english/advisories/2010/1193
http://www.vupen.com/english/advisories/2010/1196
http://www.vupen.com/english/advisories/2010/1222
http://www.vupen.com/english/advisories/2010/1574
http://www.vupen.com/english/advisories/2010/1882
http://www.vupen.com/english/advisories/2010/3112
http://www.vupen.com/english/advisories/2011/0134
582261 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261
582466 https://bugzilla.redhat.com/show_bug.cgi?id=582466
cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database_server:-:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
CVE-2010-1321 https://nvd.nist.gov/vuln/detail/CVE-2010-1321
GLSA-201201-13 https://security.gentoo.org/glsa/201201-13
RHSA-2010:0423 https://access.redhat.com/errata/RHSA-2010:0423
RHSA-2010:0770 https://access.redhat.com/errata/RHSA-2010:0770
RHSA-2010:0807 https://access.redhat.com/errata/RHSA-2010:0807
RHSA-2010:0873 https://access.redhat.com/errata/RHSA-2010:0873
RHSA-2010:0935 https://access.redhat.com/errata/RHSA-2010:0935
RHSA-2010:0987 https://access.redhat.com/errata/RHSA-2010:0987
RHSA-2011:0152 https://access.redhat.com/errata/RHSA-2011:0152
RHSA-2011:0880 https://access.redhat.com/errata/RHSA-2011:0880
USN-940-1 https://usn.ubuntu.com/940-1/
USN-940-2 https://usn.ubuntu.com/940-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) required
Scope (S) changed
Confidentiality Impact (C) low
Integrity Impact (I) low
Availability Impact (A) none
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2010-1321
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) single
Confidentiality Impact (C) none
Integrity Impact (I) none
Availability Impact (A) complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.83975
EPSS Score 0.00991
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.