Red Hat Bugzilla – Bug 152850
CAN-2004-0971,1189 multiple Kerberos V5 (krb5) vulns
Last modified: 2008-05-01 11:38:06 EDT
A vulnerability has been reported in Kerberos V5, which can be exploited by
malicious, local users to perform certain actions on a vulnerable system with

The vulnerability is caused due to the "send-pr.sh" script creating temporary
files insecurely. This can be exploited via symlink attacks to create or
overwrite arbitrary files with the privileges of the user invoking the

The vulnerability has been reported in versions 1.3.4 and 1.3.5 for Linux. Other
versions may also be affected.
Red Hat Bugzilla:
------- Additional Comments From firstname.lastname@example.org 2005-01-29 14:27:08 ----
We also need to deal with CAN-2004-1189.
------- Additional Comments From email@example.com 2005-03-01 06:00:21 ----
These are tackled in #2040, so I'll close this in order to not duplicate work.
*** This bug has been marked as a duplicate of 2040 ***
------- Bug moved to this database by firstname.lastname@example.org 2005-03-30 18:29 -------
This bug previously known as bug 2267 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.
Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
an account here. Reassigning to the person who moved
it here, email@example.com.
Previous reporter was firstname.lastname@example.org.
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.