~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2010-12-02
Candidate: CVE-2010-4021
PublicDate: 2010-12-02
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021
 http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt
 http://www.ubuntu.com/usn/usn-1030-1
Description:
 The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not
 properly restrict the use of TGT credentials for armoring TGS requests,
 which might allow remote authenticated users to impersonate a client by
 rewriting an inner request, aka a "KrbFastReq forgery issue."
Ubuntu-Description:
Notes:
 mdeslaur> 1.7 only
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553
Priority: medium
Discovered-by:
Assigned-to:

Patches_krb5:
 upstream: http://anonsvn.mit.edu/viewvc/krb5?view=revision&revision=23643
upstream_krb5: released (1.7.1)
dapper_krb5: not-affected (1.4.3-5ubuntu0.11)
hardy_krb5: not-affected (1.6.dfsg.3~beta1-2ubuntu1.5)
karmic_krb5: released (1.7dfsg~beta3-1ubuntu0.7)
lucid_krb5: not-affected (1.8.1+dfsg-2ubuntu0.3)
maverick_krb5: not-affected (1.8.1+dfsg-5ubuntu0.1)
devel_krb5: not-affected (1.8.3+dfsg-3)