PT-2010-1102 · MIT · MIT Kerberos 5
Published 2010-12-02 · Updated 2024-06-15 · CVE-2010-4021
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
MIT Kerberos 5 versions 1.7 through 1.9.2-r1
Description
The Key Distribution Center (KDC) in MIT Kerberos 5 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request. Multiple vulnerabilities in the mit-krb5 package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.
Recommendations
For versions 1.7 through 1.9.2-r1, update to a version later than 1.9.2-r1 to resolve the issue.
At the moment, there is no information about other specific fixes for this vulnerability.
Affected Products
MIT Kerberos 5