CVE-2012-1012

Sažetak

server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.

Reference

http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7093
http://src.mit.edu/fisheye/changelog/krb5/?cs=25704
http://web.mit.edu/kerberos/krb5-1.10/
https://bugzilla.redhat.com/show_bug.cgi?id=796438

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Zadnje važnije ažuriranje

21-01-2020 - 15:46

Objavljeno

07-06-2012 - 19:55