CVE-2010-1322

Published: Oct 7, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

MDVSA-2010:202 (vendor-advisory, x_refsource_MANDRIVA)
43756 (vdb-entry, x_refsource_BID)
ADV-2010-2865 (vdb-entry, x_refsource_VUPEN)
RHSA-2010:0863 (vendor-advisory, x_refsource_REDHAT)
SUSE-SR:2010:019 (vendor-advisory, x_refsource_SUSE)
USN-999-1 (vendor-advisory, x_refsource_UBUNTU)
