ID CVE-2010-1320
Summary Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:5-1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.8.1:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 10-10-2018 - 19:56)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:P
refmap via4
apple APPLE-SA-2010-06-15-1
bid 39599
bugtraq 20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC
confirm
sectrack 1023904
secunia
  • 39656
  • 39784
  • 40220
suse SUSE-SR:2010:010
ubuntu USN-940-1
vupen
  • ADV-2010-1001
  • ADV-2010-1192
  • ADV-2010-1481
statements via4
contributor Tomas Hoger
lastmodified 2010-04-22
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Last major update 10-10-2018 - 19:56
Published 22-04-2010 - 14:30
Back to Top