Lucene search

[email protected]CVE-2001-0417

HistoryJun 27, 2001 - 4:00 a.m.

CVE-2001-0417

2001-06-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

kerberos 4

cve-2001-0417

local user

symlink attack

overwrite files

ticket files

vulnerability

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.

CPENameOperatorVersion
mit:kerberosmit kerberoseq4
mit:kerberos_5mit kerberos 5eq1.5.2

CPE	Name	Operator	Version
mit:kerberos	mit kerberos	eq	4
mit:kerberos_5	mit kerberos 5	eq	1.5.2

References

archives.neohapsis.com/archives/bugtraq/2001-03/0078.html

www.redhat.com/support/errata/RHSA-2001-025.html

7.1 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON