CVE-2010-1321

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions prior to 1.8.2 mit-krb5 versions prior to 1.9.2-r1

Description The issue is related to multiple vulnerabilities in the MIT Kerberos 5 package, which can lead to a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. The kg accept krb5 function in krb5/accept sec context.c does not properly check for invalid GSS-API tokens. The vulnerabilities can be exploited remotely.

Recommendations For MIT Kerberos 5 versions prior to 1.8.2, update to version 1.8.2 or later. For mit-krb5 versions prior to 1.9.2-r1, update to version 1.9.2-r1 or later. As a temporary workaround, consider disabling the kg accept krb5 function until a patch is available. Restrict access to the GSS-API library to minimize the risk of exploitation. Avoid using the AP-REQ message with missing authenticator's checksum field in the affected API endpoint until the issue is resolved.