| ID |
CVE-2010-1320
|
| Summary |
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
-
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
-
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
-
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 4.0 (as of 21-01-2020 - 15:45) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
SINGLE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:S/C:N/I:N/A:P
|
| refmap
via4
|
| apple | APPLE-SA-2010-06-15-1 | | bid | 39599 | | bugtraq | 20100420 MITKRB5-SA-2010-004 [CVE-2010-1320] double free in KDC | | confirm | | | sectrack | 1023904 | | secunia | | | suse | SUSE-SR:2010:010 | | ubuntu | USN-940-1 | | vupen | - ADV-2010-1001
- ADV-2010-1192
- ADV-2010-1481
|
|
| statements
via4
|
| contributor | Tomas Hoger | | lastmodified | 2010-04-22 | | organization | Red Hat | | statement | Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5. |
|
| Last major update |
21-01-2020 - 15:45 |
| Published |
22-04-2010 - 14:30 |
| Last modified |
21-01-2020 - 15:45 |
