KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html | Patch |
http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html | Exploit Patch Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5733 |
Configurations
Information
Published : 2001-02-15 21:00
Updated : 2017-10-09 18:29
NVD link : CVE-2001-0034
Mitre link : CVE-2001-0034
JSON object : View
CWE
Products Affected
kth
- kth_kerberos