PublicDateAtUSN: 2010-12-02
Candidate: CVE-2010-1323
PublicDate: 2010-12-02 16:22:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
 https://ubuntu.com/security/notices/USN-1030-1
Description:
 MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x
 through 1.8.3 does not properly determine the acceptability of checksums,
 which might allow remote attackers to modify user-visible prompt text,
 modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE
 message via certain checksums that (1) are unkeyed or (2) use RC4 keys.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N [3.7 LOW]

Patches_krb5:
upstream_krb5: needs-triage
dapper_krb5: released (1.4.3-5ubuntu0.12)
hardy_krb5: released (1.6.dfsg.3~beta1-2ubuntu1.6)
karmic_krb5: released (1.7dfsg~beta3-1ubuntu0.7)
lucid_krb5: released (1.8.1+dfsg-2ubuntu0.4)
maverick_krb5: released (1.8.1+dfsg-5ubuntu0.2)
devel_krb5: not-affected (1.8.3+dfsg-3)