CVE-2010-1322

Related Files

Gentoo Linux Security Advisory 201201-13

Posted Jan 24, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-13 - Multiple vulnerabilities have been found in MIT Kerberos 5, the most severe of which may allow remote execution of arbitrary code. Versions less than 1.9.2-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2009-3295, CVE-2009-4212, CVE-2010-0283, CVE-2010-0629, CVE-2010-1320, CVE-2010-1321, CVE-2010-1322, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020, CVE-2010-4021, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282, CVE-2011-0283, CVE-2011-0284, CVE-2011-0285, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529, CVE-2011-1530, CVE-2011-4151

SHA-256 | 5fe5b981b497ad572aa4e53428ce29f2dcd53be74dc124715f4b3cff09100dd9

Download | Favorite | View

Mandriva Linux Security Advisory 2010-202

Posted Nov 3, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue. Update packages for MES5 were missing with the MDVSA-2010:202 advisory. This advisory provides the update packages.

tags | advisory, remote, denial of service, arbitrary, spoof

systems | linux, windows, mandriva

advisories | CVE-2010-1322

SHA-256 | 4a338f887721e9895a8e3e6036743fdb11f3dc56f4b0b2a8e338f76f0aa24b5a

Download | Favorite | View

Mandriva Linux Security Advisory 2010-202

Posted Oct 14, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-202 - The merge_authdata function in kdc_authdata.c in the Key Distribution Center 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service , or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request, as demonstrated by a request from a Windows Active Directory client. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, arbitrary, spoof

systems | linux, windows, mandriva

advisories | CVE-2010-1322

SHA-256 | 0407defa613f2b63a25168e758145b891c0948dff6302abe676174b164b80ce2

Download | Favorite | View

Ubuntu Security Notice 999-1

Posted Oct 5, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 999-1 - Mike Roszkowski discovered that the Kerberos KDC did not correctly validate the contents of certain messages. If an authenticated remote attacker sent specially crafted TGS requests, the KDC service would crash, leading to a denial of service.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2010-1322

SHA-256 | 5de8b3fb4816aafe3b8e24e0543bd5f4519a3ac80cdb3555bd7c8f5dccf79f6e

Download | Favorite | View

MIT krb5 Security Advisory 2010-006

Posted Oct 5, 2010

Site web.mit.edu

MIT krb5 Security Advisory 2010-006 - When the MIT krb5 KDC receives certain Kerberos TGS request messages, it may dereference an uninitialized pointer while processing authorization data, causing a crash, or in rare cases, unauthorized information disclosure, ticket modification, or execution of arbitrary code. The crash may be triggered by legitimate requests. This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol.

tags | advisory, arbitrary, protocol, info disclosure

advisories | CVE-2010-1322

SHA-256 | f3039556ba2a6b5f444436e40cac97de156ae171ed4baa92a2d04b1d58559192

Download | Favorite | View