CVE-2010-1321 (retired)

The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API
library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as
used in kadmind and other applications, does not properly check for invalid
GSS-API tokens, which allows remote authenticated users to cause a denial
of service (NULL pointer dereference and daemon crash) via an AP-REQ
message in which the authenticator's checksum field is missing.
Source: krb5 (LP Ubuntu Debian)
Upstream:released (1.8.1+dfsg-3)
Upstream:released (6.22)
More Information

Updated: 2019-03-26 11:51:16 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)