CVE-2004-0971
published 2005-02-09CVE-2004-0971: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to…
PriorityP46low2.1CVSS 2.0
AVLACLAuNCNIPAN
EPSS
0.33%
24.5th percentile
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.13.2+dfsg-2 (bookworm) | krb5 1.13.2+dfsg-2 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.13.2+dfsg-2 | 1.13.2+dfsg-2 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-2 | 1.13.2+dfsg-2 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-2 | 1.13.2+dfsg-2 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-2 | 1.13.2+dfsg-2 |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:P/A:N
osv2.1LOW
vendor_debian2.1LOW
vendor_redhat2.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2004-09-30·CVSS 2.1
CVE-2004-0971 [LOW] security flaw
security flaw
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2004-0971: krb5 - The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux ...
vendor_debian·2004·CVSS 2.1
CVE-2004-0971 [LOW] CVE-2004-0971: krb5 - The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux ...
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Scope: local
bookworm: resolved (fixed in 1.13.2+dfsg-2)
bullseye: resolved (fixed in 1.13.2+dfsg-2)
forky: resolved (fixed in 1.13.2+dfsg-2)
sid: resolved (fixed in 1.13.2+dfsg-2)
trixie: resolved (fixed in 1.13.2+dfsg-2)
GHSA
GHSA-pj44-9rqm-rw9w: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1
ghsa_unreviewed·2022-04-29
CVE-2004-0971 [LOW] GHSA-pj44-9rqm-rw9w: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
OSV
CVE-2004-0971: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1
osv·2005-02-09·CVSS 2.1
CVE-2004-0971 [LOW] CVE-2004-0971: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
No detection rules found.
No public exploits indexed.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304http://www.gentoo.org/security/en/glsa/glsa-200410-24.xmlhttp://www.redhat.com/support/errata/RHSA-2005-012.htmlhttp://www.securityfocus.com/bid/11289http://www.trustix.org/errata/2004/0050https://exchange.xforce.ibmcloud.com/vulnerabilities/17583https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304http://www.gentoo.org/security/en/glsa/glsa-200410-24.xmlhttp://www.redhat.com/support/errata/RHSA-2005-012.htmlhttp://www.securityfocus.com/bid/11289http://www.trustix.org/errata/2004/0050https://exchange.xforce.ibmcloud.com/vulnerabilities/17583https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3Ehttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
2005-02-09
Published