| Vulnerability Name: | CVE-2001-0034 (CCN-5733) | ||||||||
| Assigned: | 2000-12-08 | ||||||||
| Published: | 2000-12-08 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: CCN Type: FreeBSD Security Advisory FreeBSD-SA-01:25 Local and remote vulnerabilities in Kerberos IV Source: BUGTRAQ Type: Exploit, Patch, Vendor Advisory 20001208 Vulnerabilities in KTH Kerberos IV Source: CCN Type: BugTraq Mailing List, Fri Dec 08 2000 - 09:36:27 CST Vulnerabilities in KTH Kerberos IV Source: BUGTRAQ Type: Patch 20001210 KTH upgrade and FIX Source: CCN Type: NetBSD Security Advisory 2000-017 Exploitable bugs in kerberised telnetd and libkrb Source: MITRE Type: CNA CVE-2001-0034 Source: MITRE Type: CNA CVE-2001-0093 Source: CCN Type: OpenBSD Security Advisory, December 7, 2000 Two problems have recently been discovered in the KerberosIV code. Source: CCN Type: OSVDB ID: 4888 KTH Kerberos 4 krb4_proxy False Response Privilege Escalation Source: CCN Type: OSVDB ID: 6106 BSD telnetd Environment Variable Privilege Escalation Source: CCN Type: KTH Kerberos Web site Kerberos page Source: CCN Type: BID-2090 KTH Kerberos 4 Arbitrary Proxy Usage Vulnerability Source: XF Type: UNKNOWN kerberos4-arbitrary-proxy(5733) Source: XF Type: UNKNOWN kerberos4-arbitrary-proxy(5733) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||