CVE-2010-1320

Publication date 22 April 2010

Last updated 24 July 2024

Ubuntu priority

Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
krb5	10.04 LTS lucid	Not affected
	9.10 karmic	Fixed 1.7dfsg~beta3-1ubuntu0.6
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-940-1
Kerberos vulnerabilities
19 May 2010

Other references

http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
https://www.cve.org/CVERecord?id=CVE-2010-1320