Weekly Vulnerabilities Reports > November 29 to December 5, 2010
Overview
3 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 2 products from 1 vendors including and MIT. Vulnerabilities are notably categorized as and "Cryptographic Issues".
- 3 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities are exploitable by an anonymous user.
- MIT has the most reported vulnerabilities, with 3 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
0 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
0 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|
1 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-02 | CVE-2010-4020 | MIT | Cryptographic Issues vulnerability in MIT Kerberos 5 MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations. | 6.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-12-02 | CVE-2010-1324 | MIT | Cryptographic Issues vulnerability in MIT Kerberos 5 MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key. | 3.7 |
2010-12-02 | CVE-2010-1323 | MIT | Cryptographic Issues vulnerability in MIT Kerberos and Kerberos 5 MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys. | 3.7 |