Lucene search

Gentoo FoundationGLSA-200404-09

HistoryApr 09, 2004 - 12:00 a.m.

Cross-realm trust vulnerability in Heimdal

2004-04-0900:00:00

Gentoo Foundation

security.gentoo.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.8%

JSON

Background

Heimdal is a free implementation of Kerberos 5.

Description

Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.

Impact

Remote attackers with control of a realm may be able to impersonate other users in the cross-realm trust path.

Workaround

A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package.

Resolution

Heimdal users should upgrade to version 0.6.1 or later:

 # emerge sync
 
 # emerge -pv "&gt;=app-crypt/heimdal-0.6.1"
 # emerge "&gt;=app-crypt/heimdal-0.6.1"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-crypt/heimdal<= 0.6.0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-crypt/heimdal	<= 0.6.0	UNKNOWN

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.8%

JSON

Related for GLSA-200404-09