Back to search
CVE-2003-0139
Published: Mar 21, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2003:052
vendor-advisory
x_refsource_REDHAT
20030331 GLSA: krb5 & mit-krb5 (200303-28)
mailing-list
x_refsource_BUGTRAQ
VU#442569
third-party-advisory
x_refsource_CERT-VN
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt
x_refsource_CONFIRM
RHSA-2003:091
vendor-advisory
x_refsource_REDHAT
DSA-273
vendor-advisory
x_refsource_DEBIAN
oval:org.mitre.oval:def:250
vdb-entry
signature
x_refsource_OVAL
RHSA-2003:051
vendor-advisory
x_refsource_REDHAT
20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4
mailing-list
x_refsource_BUGTRAQ
DSA-266
vendor-advisory
x_refsource_DEBIAN
20030330 GLSA: openafs (200303-26)
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now