Vulnerabilities > CVE-2004-0971 - Unspecified vulnerability in MIT Kerberos 5 1.3.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN mit
nessus
Summary
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200410-24.NASL description The remote host is affected by the vulnerability described in GLSA-200410-24 (MIT krb5: Insecure temporary file use in send-pr.sh) The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact : A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When send-pr.sh is called, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15560 published 2004-10-25 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15560 title GLSA-200410-24 : MIT krb5: Insecure temporary file use in send-pr.sh NASL family Fedora Local Security Checks NASL id FEDORA_2004-563.NASL description A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm last seen 2020-06-01 modified 2020-06-02 plugin id 16028 published 2004-12-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16028 title Fedora Core 2 : krb5-1.3.6-1 (2004-563) NASL family Fedora Local Security Checks NASL id FEDORA_2004-564.NASL description A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm last seen 2020-06-01 modified 2020-06-02 plugin id 16029 published 2004-12-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16029 title Fedora Core 3 : krb5-1.3.6-2 (2004-564) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-012.NASL description Updated Kerberos (krb5) packages that correct buffer overflow and temporary file bugs are now available for Red Hat Enterprise Linux. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm last seen 2020-06-01 modified 2020-06-02 plugin id 16221 published 2005-01-19 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16221 title RHEL 2.1 / 3 : krb5 (RHSA-2005:012)
Oval
| accepted | 2013-04-29T04:06:10.422-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:10497 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | ||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-14 |
| organization | Red Hat |
| statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
- http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
- http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
- http://www.redhat.com/support/errata/RHSA-2005-012.html
- http://www.redhat.com/support/errata/RHSA-2005-012.html
- http://www.securityfocus.com/bid/11289
- http://www.securityfocus.com/bid/11289
- http://www.trustix.org/errata/2004/0050
- http://www.trustix.org/errata/2004/0050
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E
- https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497