Oval Definition:oval:org.mitre.oval:def:250
Revision Date:2007-04-25Version:19
Title:Kerberos krb4 Ticket Splicing Vulnerability
Description:Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2003-0139
Platform(s):Red Hat Linux 9
Product(s):krb5
Definition Synopsis
  • Red Hat 9 is installed
  • AND ix86 architecture
  • AND krb5-libs version is less than 1.2.7-14
  • AND krb5-server or krb5-workstation installed
  • krb5-server version is less than 1.2.7-14
  • OR krb5-workstation version is less than 1.2.7-14
    • BACK