Back to search
CVE-2010-4020
Published: Dec 2, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2010-3094
vdb-entry
x_refsource_VUPEN
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
x_refsource_CONFIRM
MDVSA-2010:246
vendor-advisory
x_refsource_MANDRIVA
FEDORA-2010-18425
vendor-advisory
x_refsource_FEDORA
http://kb.vmware.com/kb/1035108
x_refsource_CONFIRM
ADV-2010-3118
vdb-entry
x_refsource_VUPEN
SUSE-SR:2010:023
vendor-advisory
x_refsource_SUSE
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
x_refsource_CONFIRM
APPLE-SA-2011-03-21-1
vendor-advisory
x_refsource_APPLE
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
x_refsource_CONFIRM
ADV-2010-3095
vdb-entry
x_refsource_VUPEN
42399
third-party-advisory
x_refsource_SECUNIA
1024803
vdb-entry
x_refsource_SECTRACK
FEDORA-2010-18409
vendor-advisory
x_refsource_FEDORA
SUSE-SR:2010:024
vendor-advisory
x_refsource_SUSE
RHSA-2010:0925
vendor-advisory
x_refsource_REDHAT
USN-1030-1
vendor-advisory
x_refsource_UBUNTU
69608
vdb-entry
x_refsource_OSVDB
45117
vdb-entry
x_refsource_BID
http://support.apple.com/kb/HT4581
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now