CVE-2004-0971 - Unspecified vulnerability in MIT Kerberos 5 1.3.4

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
mit
nessus

Summary

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Vulnerable Configurations

Part | Description | Count
Application | Mit | 1

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200410-24.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200410-24 (MIT krb5: Insecure temporary file use in send-pr.sh). The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact: A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When send-pr.sh is called, this would result in the file being overwritten with the rights of the user running the utility, which could be the root user. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15560
    published: 2004-10-25
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15560
    title: GLSA-200410-24 : MIT krb5: Insecure temporary file use in send-pr.sh
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-563.NASL
    description: A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16028
    published: 2004-12-23
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16028
    title: Fedora Core 2 : krb5-1.3.6-1 (2004-563)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-564.NASL
    description: A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This overflow in the password history handling code could allow an authenticated remote attacker to execute commands on a realm
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16029
    published: 2004-12-23
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16029
    title: Fedora Core 3 : krb5-1.3.6-2 (2004-564)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-012.NASL
    description: Updated Kerberos (krb5) packages that correct buffer overflow and temporary file bugs are now available for Red Hat Enterprise Linux. Kerberos is a networked authentication system that uses a trusted third party (a KDC) to authenticate clients and servers to each other. A heap based buffer overflow bug was found in the administration library of Kerberos 1.3.5 and earlier. This bug could allow an authenticated remote attacker to execute arbitrary commands on a realm
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16221
    published: 2005-01-19
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/16221
    title: RHEL 2.1 / 3 : krb5 (RHSA-2005:012)

Oval

accepted: 2013-04-29T04:06:10.422-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
family: unix
id: oval:org.mitre.oval:def:10497
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
version: 26

Redhat

advisories
rhsa
id: RHSA-2005:012
rpms
  • krb5-debuginfo-0:1.2.7-38
  • krb5-devel-0:1.2.7-38
  • krb5-libs-0:1.2.7-38
  • krb5-server-0:1.2.7-38
  • krb5-workstation-0:1.2.7-38

Statements

contributor: Mark J Cox
lastmodified: 2007-03-14
organization: Red Hat
statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.