CVE-2010-4021

Publication date 2 December 2010

Last updated 24 July 2024


Ubuntu priority

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."

Read the notes from the security team

Status

Package Ubuntu Release Status
krb5 10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Fixed 1.7dfsg~beta3-1ubuntu0.7
8.04 LTS hardy
Not affected
6.06 LTS dapper
Not affected

Notes


mdeslaur

1.7 only

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
krb5

References

Related Ubuntu Security Notices (USN)

    • USN-1030-1
    • Kerberos vulnerabilities
    • 9 December 2010

Other references