Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
vulnerability alert CVE-2010-1321
MIT krb5: denial of service via GSS-API
Synthesis of the vulnerability
An authenticated attacker can send a malicious GSS-API token, in order to stop some MIT krb5 applications.
Severity: 2/4.
Creation date: 19/05/2010.
Description of the vulnerability
The MIT Kerberos GSS-API (Generic Security Service Application Program Interface) library is used by GSS-API Server Applications. For example, the kadmind daemon uses this library.
A GSS-API token contains a checksum. However, if this checksum is missing, the krb5_gss_accept_sec_context() function dereferences a NULL pointer.
An authenticated attacker can therefore send a malicious GSS-API token, in order to stop some MIT krb5 applications.
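The missing check described above, as an added C example that is not MIT krb5 code and not part of the original bulletin: a constructed model of an acceptor that rejects an authenticator whose optional checksum is absent before reading any field of it. The struct, function and status names are hypothetical; the checksum type 0x8003 and its 24-byte minimum layout are taken from RFC 4121.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an authenticator; these are not MIT krb5's types. */
typedef struct { int32_t type; size_t length; const uint8_t *contents; } model_checksum;
typedef struct { const model_checksum *checksum; /* NULL if omitted */ } model_authenticator;

enum { ACCEPT_OK = 0, ERR_NO_CHECKSUM, ERR_CKSUM_TYPE, ERR_CKSUM_LEN };
#define GSS_CKSUM_TYPE 0x8003 /* RFC 4121 section 4.1.1 */
#define GSS_CKSUM_MIN  24u    /* Lgth(4) + Bnd(16) + Flags(4) */

/* Validate the optional checksum before any field of it is read. */
int model_accept(const model_authenticator *auth, uint32_t *flags_out)
{
    if (auth == NULL || auth->checksum == NULL)
        return ERR_NO_CHECKSUM;           /* reject instead of dereferencing */
    const model_checksum *ck = auth->checksum;
    if (ck->type != GSS_CKSUM_TYPE)
        return ERR_CKSUM_TYPE;            /* model policy: only 0x8003 accepted */
    if (ck->contents == NULL || ck->length < GSS_CKSUM_MIN)
        return ERR_CKSUM_LEN;             /* too short to hold the Flags field */
    const uint8_t *p = ck->contents + 20; /* Flags, little-endian */
    *flags_out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return ACCEPT_OK;
}

/* Constructed sample inputs: a truncated checksum and a well-formed one. */
static const uint8_t short_body[8] = { 0 };
static const uint8_t valid_body[24] = { [0] = 16, [20] = 0x3e };
static const model_checksum short_ck = { GSS_CKSUM_TYPE, sizeof short_body, short_body };
static const model_checksum valid_ck = { GSS_CKSUM_TYPE, sizeof valid_body, valid_body };
uint32_t demo_flags; /* flags parsed by the last demo() call */

/* Run one case; pass NULL to model a token whose checksum is missing. */
int demo(const model_checksum *ck)
{
    model_authenticator a = { ck };
    demo_flags = 0;
    return model_accept(&a, &demo_flags);
}

int main(void)
{
    int m = demo(NULL), s = demo(&short_ck), v = demo(&valid_ck);
    printf("missing=%d short=%d valid=%d flags=0x%x\n", m, s, v, (unsigned)demo_flags);
    return 0;
}
```

The missing-checksum case returns an error status to the caller, so the server process keeps running and can log the rejected token.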
Characteristics
Title: MIT krb5: denial of service via GSS-API.
Keywords: Application Applications GSS-API Generic Interface Kerberos MIT NULL Program Security Server Service denial krb5 krb5_gss_accept_sec_context service.
Identifiers: BID-40235, c02257427, CVE-2010-1321, DSA-2052-1, FEDORA-2010-8749, FEDORA-2010-8796, FEDORA-2010-8805, HPSBUX02544, MDVSA-2010:100, MDVSA-2010:129, MDVSA-2010:130, MITKRB5-SA-2010-005, RHSA-2010:0423-01, SSRT100107, SUSE-SR:2010:013, SUSE-SR:2010:014, SUSE-SR:2010:015, VIGILANCE-VUL-9651, VMSA-2010-0013.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.