Описание
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.10.1+dfsg-1 |
| hardy | not-affected | 1.10 only |
| lucid | not-affected | 1.10 only |
| natty | not-affected | 1.10 only |
| oneiric | not-affected | 1.10 only |
| precise | released | 1.10+dfsg~beta1-2ubuntu0.3 |
| upstream | released | 1.10.1+dfsg-1 |
Показывать по
Ссылки на источники
EPSS
5.5 Medium
CVSS2
Связанные уязвимости
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
server/server_stubs.c in the kadmin protocol implementation in MIT Ker ...
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
EPSS
5.5 Medium
CVSS2