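Vulnerability Details
MIT Kerberos 5 Design Error Vulnerability
- CNNVD ID: CNNVD-201012-015
- Severity: Low
- CVE ID: CVE-2010-1323
- Vulnerability type: Cryptographic issue
- Published: 2010-12-03
- Threat type: Remote
- Updated: 2022-07-08
- Vendor: mit
- Vulnerability source: Sam Hartman
Vulnerability Summary
MIT Kerberos 5 is a widely used open-source implementation of Kerberos.
MIT Kerberos 5 (also known as krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine which checksums are acceptable. A remote attacker can use certain checksums that are (1) unkeyed or (2) keyed with RC4 keys to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt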
References
Source: CONFIRM
Link: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.HTML
Source: SECUNIA
Link: http://secunia.com/advisories/42420
Source: SECUNIA
Link: http://secunia.com/advisories/43015
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2010/3118
Source: FEDORA
Link: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.HTML
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2010-0926.HTML
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/517739/100/0/threaded
Source: HP
Link: http://marc.info/?l=bugtraq&m=130497213107107&w=2
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2010/3095
Source: CONFIRM
Link: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
Source: UBUNTU
Link: http://www.ubuntu.com/usn/USN-1030-1
Source: Apple
Link: http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.HTML
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/514953/100/0/threaded
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2010/3094
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/520102/100/0/threaded
Source: BID
Link: https://www.securityfocus.com/bid/45118
Source: HP
Link: http://marc.info/?l=bugtraq&m=129562442714657&w=2
Source: SECUNIA
Link: http://secunia.com/advisories/46397
Source: SECUNIA
Link: http://secunia.com/advisories/42399
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12121
Source: SECUNIA
Link: http://secunia.com/advisories/42436
Source: OSVDB
Link: http://osvdb.org/69610
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2010-0925.HTML
Source: MLIST
Link: http://lists.vmware.com/pipermail/security-announce/2011/000133.HTML
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2010/3101
Source: CONFIRM
Link: https://www.vmware.com/security/advisories/VMSA-2011-0012.HTML
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.HTML
Source: CONFIRM
Link: http://support.apple.com/kb/HT4581
Source: CONFIRM
Link: http://kb.vmware.com/kb/1035108
Source: FEDORA
Link: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051999.HTML
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.HTML
Source: DEBIAN
Link: https://www.debian.org/security/2010/dsa-2129
Source: MANDRIVA
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2010:246
Source: CONFIRM
Link: https://www.vmware.com/security/advisories/VMSA-2011-0007.HTML
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2011/0187
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.HTML
Source: MANDRIVA
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2010:245
Source: SECTRACK
Link: http://www.securitytracker.com/id?1024803
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.HTML
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2022070719
Affected Entities
- Mit Kerberos:5-1.8.3
- Mit Kerberos:5-1.8.1
- Mit Kerberos:5-1.8.2
- Mit Kerberos:5-1.7.1
- Mit Kerberos:5-1.8
Patches
- krb5-clients_1.7dfsg~beta3-1ubuntu0.7_i386
- libkrb5-dbg_1.8.1+dfsg-2ubuntu0.4_armel
- krb5-doc_1.4.3-5ubuntu0.12_all
- libkrb5-dbg_1.8.1+dfsg-5ubuntu0.2_armel
- krb5-doc_1.8.1+dfsg-5ubuntu0.2_all