CVE-2003-0139

2003-03-2405:00:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.021

Percentile

89.1%

JSON

Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and “ticket splicing.”

OSVersionArchitecturePackageVersionFilename
Debian12allkrb5< 1.2.7-3krb5_1.2.7-3_all.deb
Debian11allkrb5< 1.2.7-3krb5_1.2.7-3_all.deb
Debian999allkrb5< 1.2.7-3krb5_1.2.7-3_all.deb
Debian13allkrb5< 1.2.7-3krb5_1.2.7-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	krb5	< 1.2.7-3	krb5_1.2.7-3_all.deb
Debian	11	all	krb5	< 1.2.7-3	krb5_1.2.7-3_all.deb
Debian	999	all	krb5	< 1.2.7-3	krb5_1.2.7-3_all.deb
Debian	13	all	krb5	< 1.2.7-3	krb5_1.2.7-3_all.deb