Multiple checksum handling vulnerabilities were found in the MIT krb5 GSS-API library: * krb5 clients may accept unkeyed SAM-2 challenge checksums * krb5 may accept KRB-SAFE checksums with low-entropy derived keys The first flaw can allow an unauthenticated remote attacker to alter a SAM-2 challenge, affecting the prompt text seen by the user or the kind of response sent to the KDC. Under some circumstances, this can negate the incremental security benefit of using a single-use authentication mechanism toekn. The second flaw allows an unauthenticated remote attacker to have a 1/256 chance of forging KRB-SAFE messages in an application protocol, if the targeted pre-existing session uses an RC4 session key. Few application protocols use KRB-SAFE messages. These flaws affect MIT krb5 version 1.3 and newer. A patch to correct this flaw, as well the other flaws noted in MITKRB5-SA-2010-007 are available from http://web.mit.edu/kerberos/advisories/2010-007-patch.txt (v1.8), http://web.mit.edu/kerberos/advisories/2010-007-patch-r17.txt (v1.7), http://web.mit.edu/kerberos/advisories/2010-007-patch-r16.txt (v1.6), and http://web.mit.edu/kerberos/advisories/2010-007-patch-r15.txt (v1.5). These issues are collectively known as CVE-2010-1323. The upstream announcement is available at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-007.txt. Acknowledgements: Red Hat would like to thank the MIT Kerberos Team for reporting this issue.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2010:0925 https://rhn.redhat.com/errata/RHSA-2010-0925.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2010:0926 https://rhn.redhat.com/errata/RHSA-2010-0926.html