CVE-2004-0971 — Kerberos 5 vulnerability

8 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 70.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

MIT Krb5 MIT Kerberos 5

Timeline

PublishedFeb 9

Latest updateApr 29

Description

The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianmit/krb5< 1.13.2+dfsg-2+3

▶NVDmit/kerberos_51.3.4

Patches

Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-pj44-9rqm-rw9w: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1↗2022-04-29

▶

OSV

CVE-2004-0971: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1↗2005-02-09

▶

CVEList

CVE-2004-0971: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1↗2004-10-20

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-09-30

▶

Debian

CVE-2004-0971: krb5 - The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux ...↗2004

▶

💬Community

Bugzilla

CVE-2004-0971 security flaw↗2018-08-16

▶