ID CVE-2003-0059
Summary Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 21-01-2020 - 15:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2003:051
  • rhsa
    id RHSA-2003:052
  • rhsa
    id RHSA-2003:168
refmap via4
bid 6714
cert-vn VU#684563
conectiva CLSA-2003:639
confirm http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
mandrake MDKSA-2003:043
xf kerberos-kdc-user-spoofing(11188)
Last major update 21-01-2020 - 15:44
Published 19-02-2003 - 05:00
Last modified 21-01-2020 - 15:44
Back to Top