Lucene search
RedHatRHSA-2003:021HistoryFeb 06, 2003 - 12:00 a.m.
(RHSA-2003:021) krb5 security update
2003-02-0600:00:00
access.redhat.com
14
0.008 Low
EPSS
Percentile
81.6%
Kerberos is a network authentication system.
A problem has been found in the Kerberos FTP client. When retrieving a
file with a name beginning with a pipe character, the FTP client will
pass the file name to the command shell in a system() call. This could
allow a malicious FTP server to write to files outside of the current
directory or execute commands as the user running the FTP client.
The Kerberos FTP client runs as the default FTP client when the Kerberos
package krb5-workstation is installed on a Red Hat Linux Advanced Server
distribution.
All users of Kerberos are advised to upgrade to these errata packages which
contain a backported patch and are not vulnerable to this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | i386 | krb5-libs | < 1.2.2-16 | krb5-libs-1.2.2-16.i386.rpm |
| RedHat | any | ia64 | krb5-devel | < 1.2.2-16 | krb5-devel-1.2.2-16.ia64.rpm |
| RedHat | any | i386 | krb5-server | < 1.2.2-16 | krb5-server-1.2.2-16.i386.rpm |
| RedHat | any | ia64 | krb5-server | < 1.2.2-16 | krb5-server-1.2.2-16.ia64.rpm |
| RedHat | any | ia64 | krb5-workstation | < 1.2.2-16 | krb5-workstation-1.2.2-16.ia64.rpm |
| RedHat | any | i386 | krb5-workstation | < 1.2.2-16 | krb5-workstation-1.2.2-16.i386.rpm |
| RedHat | any | ia64 | krb5-libs | < 1.2.2-16 | krb5-libs-1.2.2-16.ia64.rpm |
| RedHat | any | i386 | krb5-devel | < 1.2.2-16 | krb5-devel-1.2.2-16.i386.rpm |
Related
nvd
nvd
CVE-2003-0041
2003-02-19 05:00:00
securityvulns
securityvulns
cve
cve
CVE-2003-0041
2003-02-19 05:00:00
cvelist
cvelist
CVE-2003-0041
2003-02-01 05:00:00
nessus
nessus
Mandrake Linux Security Advisory : krb5 (MDKSA-2003:021)
2004-07-31 00:00:00
RHEL 2.1 : krb5 (RHSA-2003:021)
2004-07-06 00:00:00
debiancve
debiancve
CVE-2003-0041
2003-02-19 05:00:00