CVE-2001-0417Kerberos vulnerability

5 documents5 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 70.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MIT KerberosMIT Kerberos 5
Timeline
PublishedJun 27
Latest updateApr 30

Description

Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

NVDmit/kerberos_51.5.2

Patches

Patch: archives.neohapsis.comPatch: archives.neohapsis.com

🔴Vulnerability Details

2
GHSA
GHSA-84hw-m4f3-jqjx: Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files2022-04-30
CVEList
CVE-2001-0417: Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files2001-05-24

📋Vendor Advisories

1
Red Hat
security flaw2001-03-07

💬Community

1
Bugzilla
CVE-2001-0417 security flaw2018-08-16
CVE-2001-0417 — MIT Kerberos vulnerability | cvebase