Description
MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
Release | Status | Note |
---|---|---|
dapper | not-affected | 1.4.3-5ubuntu0.11 |
devel | not-affected | 1.8.3+dfsg-3 |
hardy | not-affected | 1.6.dfsg.3~beta1-2ubuntu1.5 |
karmic | not-affected | 1.7dfsg~beta3-1ubuntu0.6 |
lucid | released | 1.8.1+dfsg-2ubuntu0.4 |
maverick | released | 1.8.1+dfsg-5ubuntu0.2 |
upstream | needs-triage | |
CVSS2: 3.5 Low
CVSS3: 6.3 Medium