Your submission was sent successfully! Close

CVE-2010-1322

Published: 5 October 2010

The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.

Priority

Medium

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid
Released (1.8.1+dfsg-2ubuntu0.3)
upstream
Released (1.8.4)