CVE-2010-1321

Published: May 19, 2010Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability: 8.0 / Impact: 6.9

Source: NVD

Description

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.

Affected (20)

Products: Mit: Kerberos 5 · Debian: Debian Linux · Canonical: Ubuntu Linux · +4 more

Show all products

Mit: Kerberos 5 · Debian: Debian Linux · Canonical: Ubuntu Linux · Oracle: Database Server · Opensuse: Opensuse · Suse: Linux Enterprise Server · Fedoraproject: Fedora

1 product

1 product

1 product

1 product

1 product

1 product

Linux Enterprise Server

Fedoraproject

1 product

Fedora

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mit Kerberos 5	Up to 1.7.1
Mit Kerberos 5	From 1.8 to 1.8.2

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 6.0

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Database Server	All versions

Configuration E

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.0
Opensuse Opensuse	Version 11.1
Opensuse Opensuse	Version 11.2
Opensuse Opensuse	Version 11.3
Suse Linux Enterprise Server	Version 10 sp3
Suse Linux Enterprise Server	Version 11
Suse Linux Enterprise Server	Version 11 sp1

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 11
Fedoraproject Fedora	Version 12
Fedoraproject Fedora	Version 13

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (118)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427

Source: cve@mitre.org

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=134254866602253&w=2

Source: cve@mitre.org

Issue TrackingThird Party Advisory

http://osvdb.org/64744

Source: cve@mitre.org

Broken Link

http://secunia.com/advisories/39762

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/39784

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/39799

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/39818

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/39849

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/40346

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/40685

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/41967

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/42432

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/42974

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/43335

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/44954

Source: cve@mitre.org

Third Party Advisory

http://support.avaya.com/css/P8/documents/100114315

Source: cve@mitre.org

Third Party Advisory

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt

Source: cve@mitre.org

PatchVendor Advisory

http://www.debian.org/security/2010/dsa-2052

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:100

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0423.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0770.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0807.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0873.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0935.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0987.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-0152.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2011-0880.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/archive/1/511331/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/516397/100/0/threaded

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/40235

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-940-1

Source: cve@mitre.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-940-2

Source: cve@mitre.org

Third Party Advisory

http://www.us-cert.gov/cas/techalerts/TA10-287A.html

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.us-cert.gov/cas/techalerts/TA11-201A.html

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1177

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1192

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1193

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1196

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1222

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1574

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/1882

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2010/3112

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0134

Source: cve@mitre.org

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11604

Source: cve@mitre.org

Broken LinkThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7198

Source: cve@mitre.org

Broken LinkThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7450

Source: cve@mitre.org

Broken LinkThird Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427