CVE-2010-1323

Publication date 2 December 2010

Last updated 24 July 2024


Ubuntu priority

CVSS 3 severity score

3.7 · Low


MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.

Status

Package   Ubuntu release     Status
krb5      10.10 maverick     Fixed 1.8.1+dfsg-5ubuntu0.2
krb5      10.04 LTS lucid    Fixed 1.8.1+dfsg-2ubuntu0.4
krb5      9.10 karmic        Fixed 1.7dfsg~beta3-1ubuntu0.7
krb5      8.04 LTS hardy     Fixed 1.6.dfsg.3~beta1-2ubuntu1.6
krb5      6.06 LTS dapper    Fixed 1.4.3-5ubuntu0.12

Severity score breakdown

Parameter              Value
Base score             3.7 · Low
Attack vector          Network
Attack complexity      High
Privileges required    None
User interaction       None
Scope                  Unchanged
Confidentiality        None
Integrity impact       Low
Availability impact    None
Vector                 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-1030-1: Kerberos vulnerabilities (9 December 2010)

Other references