ID CVE-2010-1321
Summary The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. Per: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-005.txt 'AFFECTED SOFTWARE ================= * kadmind and other GSS-API server applications in all known releases of MIT krb5, up to and including krb5-1.8.1 * third-party GSS-API server applications that link link against the GSS-API library in all known releases of MIT krb5, up to and including krb5-1.8.1 * Independent implementations of the krb5 GSS-API mechanism may be vulnerable, as the underlying bug is based on plausible (but invalid) assumptions about the Kerberos protocol.' Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos:5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3:alpha1:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.3:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.8:alpha:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.8:alpha:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:-:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:-:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5-1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5-1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5_1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5_1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5_1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5_1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5_1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5_1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5_1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5_1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5_1.2:beta1:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5_1.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5_1.2:beta2:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5_1.2:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos:5_1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos:5_1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:derrick_brashear:kadmind:*:*:*:*:*:*:*:*
    cpe:2.3:a:derrick_brashear:kadmind:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 10-10-2018 - 19:56)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
oval via4
  • accepted 2013-04-29T04:14:56.151-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
    family unix
    id oval:org.mitre.oval:def:11604
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
    version 24
  • accepted 2014-01-20T04:01:32.932-05:00
    class vulnerability
    contributors
    • name Varun
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    • comment VMware ESX Server 3.5.0 is installed
      oval oval:org.mitre.oval:def:5887
    • comment VMware ESX Server 4.0 is installed
      oval oval:org.mitre.oval:def:6293
    description The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
    family unix
    id oval:org.mitre.oval:def:7198
    status accepted
    submitted 2010-10-01T16:37:39.000-05:00
    title VMware ESX,Service Console update for krb5.
    version 7
  • accepted 2015-04-20T04:02:34.728-04:00
    class vulnerability
    contributors
    • name Chandan M C
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Sushant Kumar Singh
      organization Hewlett-Packard
    • name Prashant Kumar
      organization Hewlett-Packard
    • name Mike Cokus
      organization The MITRE Corporation
    description The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
    family unix
    id oval:org.mitre.oval:def:7450
    status accepted
    submitted 2010-10-25T11:35:23.000-05:00
    title HP-UX Running Kerberos, Remote Denial of Service (DoS), Execution of Arbitrary Code
    version 44
redhat via4
advisories
  • bugzilla
    id 582466
    title CVE-2010-1321 krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhba:tst:20070026001
      • OR
        • AND
          • comment krb5-devel is earlier than 0:1.2.7-72
            oval oval:com.redhat.rhsa:tst:20100423006
          • comment krb5-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095007
        • AND
          • comment krb5-libs is earlier than 0:1.2.7-72
            oval oval:com.redhat.rhsa:tst:20100423004
          • comment krb5-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095003
        • AND
          • comment krb5-server is earlier than 0:1.2.7-72
            oval oval:com.redhat.rhsa:tst:20100423008
          • comment krb5-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095009
        • AND
          • comment krb5-workstation is earlier than 0:1.2.7-72
            oval oval:com.redhat.rhsa:tst:20100423002
          • comment krb5-workstation is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095005
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment krb5-devel is earlier than 0:1.3.4-62.el4_8.2
            oval oval:com.redhat.rhsa:tst:20100423013
          • comment krb5-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095007
        • AND
          • comment krb5-libs is earlier than 0:1.3.4-62.el4_8.2
            oval oval:com.redhat.rhsa:tst:20100423011
          • comment krb5-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095003
        • AND
          • comment krb5-server is earlier than 0:1.3.4-62.el4_8.2
            oval oval:com.redhat.rhsa:tst:20100423012
          • comment krb5-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095009
        • AND
          • comment krb5-workstation is earlier than 0:1.3.4-62.el4_8.2
            oval oval:com.redhat.rhsa:tst:20100423014
          • comment krb5-workstation is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070095005
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment krb5-devel is earlier than 0:1.6.1-36.el5_5.4
            oval oval:com.redhat.rhsa:tst:20100423016
          • comment krb5-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070095021
        • AND
          • comment krb5-libs is earlier than 0:1.6.1-36.el5_5.4
            oval oval:com.redhat.rhsa:tst:20100423018
          • comment krb5-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070095019
        • AND
          • comment krb5-server is earlier than 0:1.6.1-36.el5_5.4
            oval oval:com.redhat.rhsa:tst:20100423020
          • comment krb5-server is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070095023
        • AND
          • comment krb5-workstation is earlier than 0:1.6.1-36.el5_5.4
            oval oval:com.redhat.rhsa:tst:20100423022
          • comment krb5-workstation is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070095017
    rhsa
    id RHSA-2010:0423
    released 2010-05-18
    severity Important
    title RHSA-2010:0423: krb5 security update (Important)
  • rhsa
    id RHSA-2010:0770
  • rhsa
    id RHSA-2010:0807
  • rhsa
    id RHSA-2010:0873
  • rhsa
    id RHSA-2010:0935
  • rhsa
    id RHSA-2010:0987
  • rhsa
    id RHSA-2011:0152
  • rhsa
    id RHSA-2011:0880
rpms
  • krb5-devel-0:1.2.7-72
  • krb5-libs-0:1.2.7-72
  • krb5-server-0:1.2.7-72
  • krb5-workstation-0:1.2.7-72
  • krb5-devel-0:1.3.4-62.el4_8.2
  • krb5-libs-0:1.3.4-62.el4_8.2
  • krb5-server-0:1.3.4-62.el4_8.2
  • krb5-workstation-0:1.3.4-62.el4_8.2
  • krb5-devel-0:1.6.1-36.el5_5.4
  • krb5-libs-0:1.6.1-36.el5_5.4
  • krb5-server-0:1.6.1-36.el5_5.4
  • krb5-workstation-0:1.6.1-36.el5_5.4
refmap via4
bid 40235
bugtraq
  • 20100518 MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref
  • 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
cert
  • TA10-287A
  • TA11-201A
confirm
debian DSA-2052
fedora
  • FEDORA-2010-8749
  • FEDORA-2010-8796
  • FEDORA-2010-8805
hp
  • HPSBMU02799
  • HPSBUX02544
  • SSRT100107
mandriva MDVSA-2010:100
osvdb 64744
secunia
  • 39762
  • 39784
  • 39799
  • 39818
  • 39849
  • 40346
  • 40685
  • 41967
  • 42432
  • 42974
  • 43335
  • 44954
suse
  • SUSE-SR:2010:013
  • SUSE-SR:2010:014
  • SUSE-SR:2010:019
  • SUSE-SU-2012:0010
  • SUSE-SU-2012:0042
ubuntu
  • USN-940-1
  • USN-940-2
vupen
  • ADV-2010-1177
  • ADV-2010-1192
  • ADV-2010-1193
  • ADV-2010-1196
  • ADV-2010-1222
  • ADV-2010-1574
  • ADV-2010-1882
  • ADV-2010-3112
  • ADV-2011-0134
Last major update 10-10-2018 - 19:56
Published 19-05-2010 - 18:30
Back to Top