Bug 152850 - CAN-2004-0971,1189 multiple Kerberos V5 (krb5) vulns
CAN-2004-0971,1189 multiple Kerberos V5 (krb5) vulns
Product: Fedora Legacy
Classification: Retired
Component: Package request (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
1, LEGACY, NEEDSWORK, rh73, rh90
Depends On:
  Show dependency treegraph
Reported: 2004-11-09 17:07 EST by David Lawrence
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-21 14:08:18 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:29:38 EST

A vulnerability has been reported in Kerberos V5, which can be exploited by
malicious, local users to perform certain actions on a vulnerable system with
escalated privileges.

The vulnerability is caused due to the "send-pr.sh" script creating temporary
files insecurely. This can be exploited via symlink attacks to create or
overwrite arbitrary files with the privileges of the user invoking the
vulnerable script.

The vulnerability has been reported in versions 1.3.4 and 1.3.5 for Linux. Other
versions may also be affected.

CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0971

Red Hat Bugzilla:


------- Additional Comments From bugzilla.fedora.us@beej.org 2005-01-29 14:27:08 ----

we also need to deal with CAN-2004-1189

------- Additional Comments From pekkas@netcore.fi 2005-03-01 06:00:21 ----

These are tackled in #2040, so I'll close this in order to not duplicate work.

*** This bug has been marked as a duplicate of 2040 ***

------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:29 -------

This bug previously known as bug 2267 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl@redhat.com.
   Previous reporter was fedora-legacy-bugzilla-2004@fumika.jp.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Red Hat Bugzilla 2006-02-21 14:08:18 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.