CVE-2010-1323

Name: CVE-2010-1323
Description: MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2129-1
NVD severity: low (attack range: remote)
Debian Bugs: 605553
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| krb5 (PTS) | squeeze (security), squeeze | 1.8.3+dfsg-4squeeze7 | fixed |
| krb5 | squeeze (lts) | 1.8.3+dfsg-4squeeze9 | fixed |
| krb5 | wheezy | 1.10.1+dfsg-5+deb7u2 | fixed |
| krb5 | wheezy (security) | 1.10.1+dfsg-5+deb7u3 | fixed |
| krb5 | jessie, sid | 1.12.1+dfsg-18 | fixed |

The information above is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| krb5 | source | (unstable) | 1.8.3+dfsg-3 | low | | 605553 |
| krb5 | source | lenny | 1.6.dfsg.4~beta1-5lenny6 | low | DSA-2129-1 | |
