Vulnerability in Mit Kerberos_5
CVE-2010-1324
MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeye…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.035 (87.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.7 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.
Affected products
- Mit Kerberos_5 — versions 1.8.1, 1.7, 1.8.2
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- ADV-2010-3094 (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- MDVSA-2010:246 (vendor-advisory, x_refsource_MANDRIVA)
- FEDORA-2010-18425 (x_refsource_FEDORA, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- ADV-2010-3118 (vdb-entry, x_refsource_VUPEN)
- oval:org.mitre.oval:def:11936 (x_refsource_OVAL, signature, vdb-entry)
- ADV-2011-0187 (vdb-entry, x_refsource_VUPEN)
- 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021] (mailing-list, x_refsource_BUGTRAQ)
- SUSE-SR:2010:023 (vendor-advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2010-1324?
- CVE-2010-1324 is a low-severity vulnerability in Mit Kerberos_5, classified under Cryptographic Issues. CVSS score: 3.7/10. Published 2010-12-02.
- How severe is CVE-2010-1324?
- Low severity. CVSS v3 base score is 3.7 out of 10.
- Is CVE-2010-1324 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.