CVE-2010-1324

3.7 LOW
Published: December 02, 2010 Modified: April 29, 2026
View on NVD

Description

MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://kb.vmware.com/kb/1035108
Source: cve@mitre.org
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Source: cve@mitre.org
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
Source: cve@mitre.org
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Source: cve@mitre.org
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
Source: cve@mitre.org
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
Source: cve@mitre.org
http://marc.info/?l=bugtraq&m=129562442714657&w=2
Source: cve@mitre.org
http://osvdb.org/69609
Source: cve@mitre.org
http://secunia.com/advisories/42399
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43015
Source: cve@mitre.org
http://support.apple.com/kb/HT4581
Source: cve@mitre.org
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
Source: cve@mitre.org
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
Source: cve@mitre.org
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Source: cve@mitre.org
Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0925.html
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/514953/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/517739/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/45116
Source: cve@mitre.org
http://www.securitytracker.com/id?1024803
Source: cve@mitre.org
http://www.ubuntu.com/usn/USN-1030-1
Source: cve@mitre.org
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2010/3094
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2010/3095
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2010/3118
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2011/0187
Source: cve@mitre.org
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
Source: cve@mitre.org
http://kb.vmware.com/kb/1035108
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.vmware.com/pipermail/security-announce/2011/000133.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://marc.info/?l=bugtraq&m=129562442714657&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/69609
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/42399
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43015
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.apple.com/kb/HT4581
Source: af854a3a-2127-422b-91ae-364da2661108
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0925.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/514953/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/517739/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/45116
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1024803
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1030-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vmware.com/security/advisories/VMSA-2011-0007.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2010/3094
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2010/3095
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2010/3118
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2011/0187
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11936
Source: af854a3a-2127-422b-91ae-364da2661108

54 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.7 / 10.0
EPSS (Exploit Probability)
3.5%
88th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-310

Affected Vendors

mit

Related CVEs

CVE-2026-43964 3.7
CVE-2026-42237 N/A
CVE-2026-42236 N/A
CVE-2026-42235 N/A
CVE-2026-42234 N/A