1. CVE-Search
  2. CVE-2010-4020
ID CVE-2010-4020
Summary MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 21-01-2020 - 15:46)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:P/A:N
redhat via4
advisories
bugzilla
id 648735
title CVE-2010-4020 krb5: krb5 may accept authdata checksums with low-entropy derived keys (MITKRB5-SA-2010-007)
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 6 is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • comment krb5-devel is earlier than 0:1.8.2-3.el6_0.3
          oval oval:com.redhat.rhsa:tst:20100925001
        • comment krb5-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599002
      • AND
        • comment krb5-libs is earlier than 0:1.8.2-3.el6_0.3
          oval oval:com.redhat.rhsa:tst:20100925003
        • comment krb5-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599004
      • AND
        • comment krb5-pkinit-openssl is earlier than 0:1.8.2-3.el6_0.3
          oval oval:com.redhat.rhsa:tst:20100925005
        • comment krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863006
      • AND
        • comment krb5-server is earlier than 0:1.8.2-3.el6_0.3
          oval oval:com.redhat.rhsa:tst:20100925007
        • comment krb5-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599008
      • AND
        • comment krb5-server-ldap is earlier than 0:1.8.2-3.el6_0.3
          oval oval:com.redhat.rhsa:tst:20100925009
        • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599010
      • AND
        • comment krb5-workstation is earlier than 0:1.8.2-3.el6_0.3
          oval oval:com.redhat.rhsa:tst:20100925011
        • comment krb5-workstation is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20192599012
rhsa
id RHSA-2010:0925
released 2010-11-30
severity Important
title RHSA-2010:0925: krb5 security and bug fix update (Important)
rpms
  • krb5-debuginfo-0:1.8.2-3.el6_0.3
  • krb5-devel-0:1.8.2-3.el6_0.3
  • krb5-libs-0:1.8.2-3.el6_0.3
  • krb5-pkinit-openssl-0:1.8.2-3.el6_0.3
  • krb5-server-0:1.8.2-3.el6_0.3
  • krb5-server-ldap-0:1.8.2-3.el6_0.3
  • krb5-workstation-0:1.8.2-3.el6_0.3
refmap via4
apple APPLE-SA-2011-03-21-1
bid 45117
bugtraq
  • 20101130 MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]
  • 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
confirm
fedora
  • FEDORA-2010-18409
  • FEDORA-2010-18425
mandriva MDVSA-2010:246
mlist [security-announce] 20110428 VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
osvdb 69608
sectrack 1024803
secunia 42399
suse
  • SUSE-SR:2010:023
  • SUSE-SR:2010:024
ubuntu USN-1030-1
vupen
  • ADV-2010-3094
  • ADV-2010-3095
  • ADV-2010-3118
Last major update 21-01-2020 - 15:46
Published 02-12-2010 - 16:22
Last modified 21-01-2020 - 15:46
Back to Top