CVE-2012-1012
Published: Jun 7, 2012
Modified: Sep 17, 2024
PUBLISHED
Description
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://src.mit.edu/fisheye/changelog/krb5/?cs=25704
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=796438
x_refsource_CONFIRM
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7093
x_refsource_CONFIRM
http://web.mit.edu/kerberos/krb5-1.10/
x_refsource_CONFIRM