NVD

Id
12854  
Name
CVE-2010-1322  
Description
The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-10-07  
Modified Date
2011-01-14  
Seq
2010-1322  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
70819 12854 CVE-2010-1322 SUSE-SR:2010:019  View
70820 12854 CVE-2010-1322 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt  View
70821 12854 CVE-2010-1322 MDVSA-2010:202  View
70822 12854 CVE-2010-1322 RHSA-2010:0863  View
70823 12854 CVE-2010-1322 20101005 MITKRB5-SA-2010-006 [CVE-2010-1322] KDC uninitialized pointer crash in authorization data handling  View
70824 12854 CVE-2010-1322 43756  View
70825 12854 CVE-2010-1322 USN-999-1  View
70826 12854 CVE-2010-1322 ADV-2010-2865  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
36705 JVNDB-2010-002485 MIT Kerberos 5 の Key Distribution Center 内にある kdc_authdata.c における任意のコードを実行される脆弱性 MIT Kerberos 5 の Key Distribution Center (KDC) 内にある kdc_authdata.c の merge_authdata 関数には、authorization-data リストへのインデックスを適切に管理しないため、サービス運用妨害 (DoS) 状態となる、重要な情報を取得される、管理者になりすまされる、または任意のコードを実行される脆弱性が存在します。 CVE-2010-1322 43902 CVE-2010-1322 12854 6.5 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-002485.html 2010-10-05 2013-11-01 View