CVE-2010-1321

Priority
Description
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API
library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as
used in kadmind and other applications, does not properly check for invalid
GSS-API tokens, which allows remote authenticated users to cause a denial
of service (NULL pointer dereference and daemon crash) via an AP-REQ
message in which the authenticator's checksum field is missing.
Package
Source: krb5 (LP Ubuntu Debian)
Upstream:released (1.8.1+dfsg-3)
Package
Upstream:released (6.22)
More Information

Updated: 2019-03-19 11:53:01 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)