Vulnerability Details: CVE-2010-1320
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.
Vulnerability categories: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2010-1320
- cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1320
- EPSS score: 8.05% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
- EPSS Score History
CVSS scores for CVE-2010-1320
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST |
CWE ids for CVE-2010-1320
- Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2010-1320
- Red Hat (2010-04-22): Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5.
References for CVE-2010-1320
- http://www.ubuntu.com/usn/USN-940-1 (USN-940-1: Kerberos vulnerabilities | Ubuntu security notices)
- http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html ([security-announce] SUSE Security Summary Report: SUSE-SR:2010:010)
- http://www.vupen.com/english/advisories/2010/1001
- http://securitytracker.com/id?1023904 (Kerberos KDC Double Free in process_tgs_req() May Let Remote Authenticated Users Execute Arbitrary Code - SecurityTracker)
- http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html (Apple security-announce list)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490 (#577490 - CVE-2010-1320 double free in KDC caused by ticket renewal - Debian Bug report logs)
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt (MIT krb5 Security Advisory MITKRB5-SA-2010-004)
- http://www.securityfocus.com/bid/39599 (MIT Kerberos 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability)
- http://www.securityfocus.com/archive/1/510843/100/0/threaded (SecurityFocus)
- http://www.vupen.com/english/advisories/2010/1481
- http://support.apple.com/kb/HT4188 (About the security content of Security Update 2010-004 / Mac OS X v10.6.4 - Apple Support)
- http://www.vupen.com/english/advisories/2010/1192