Vulnerability Name: | CVE-2001-0033 (CCN-5738) | ||||||||
Assigned: | 2000-12-08 | ||||||||
Published: | 2000-12-08 | ||||||||
Updated: | 2017-10-10 | ||||||||
Summary: | KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges. | ||||||||
CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||
References: | Source: BUGTRAQ Type: Exploit, Patch, Vendor Advisory 20001208 Vulnerabilities in KTH Kerberos IV Source: CCN Type: BugTraq Mailing List, Fri Dec 08 2000 - 09:36:27 CST Vulnerabilities in KTH Kerberos IV Source: BUGTRAQ Type: Patch 20001210 KTH upgrade and FIX Source: CCN Type: NetBSD Security Advisory 2000-017 Exploitable bugs in kerberised telnetd and libkrb Source: MITRE Type: CNA CVE-2001-0033 Source: CCN Type: US-CERT VU#602625 KTH Kerberos environment variables krb4proxy and KRBCONFDIR may be used insecurely Source: CCN Type: OpenBSD Security Advisory, December 7, 2000 Two problems have recently been discovered in the KerberosIV code. Source: CCN Type: OSVDB ID: 4889 KTH Kerberos 4 KRBCONFDIR Alternate Directory Source: CCN Type: KTH Kerberos Web site Kerberos page Source: CCN Type: BID-2092 KTH Kerberos 4 User-Supplied Configuration Files Vulnerability Source: XF Type: UNKNOWN kerberos4-user-config(5738) Source: XF Type: UNKNOWN kerberos4-user-config(5738) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |