PT-2001-1054 · Mit+1 · Krb5-Devel+6

Ken Raeburn +2 · Published 2001-08-02 · Updated 2018-10-19 · CVE-2003-0139

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

krb5-workstation versions 1.1.1 through 1.2.7
krb5-devel versions 1.1.1 through 1.2.7
krb5-configs version 1.1.1
krb5-server versions 1.1.1 through 1.2.7
krb5-libs versions 1.1.1 through 1.2.7
krb5 versions 1.1.1 through 1.2.7

Description

Multiple vulnerabilities in the krb5 package of Red Hat Linux can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Certain weaknesses in the implementation of version 4 of the Kerberos protocol in the krb5 distribution allow an attacker to create unauthorized tickets using a cut-and-paste attack and "ticket splicing" when triple-DES keys are used.

Recommendations

Update each affected package to a version that contains a fix for this issue:

krb5-workstation versions 1.1.1 through 1.2.7
krb5-devel versions 1.1.1 through 1.2.7
krb5-configs version 1.1.1
krb5-server versions 1.1.1 through 1.2.7
krb5-libs versions 1.1.1 through 1.2.7
krb5 versions 1.1.1 through 1.2.7

As a temporary workaround, consider restricting access to the vulnerable components until a patch is available.

Related identifiers

BDU:2015-08132
BDU:2015-08133
BDU:2015-08134
BDU:2015-08135
BDU:2015-08136
BDU:2015-08137
BDU:2015-08138
BDU:2015-08139
BDU:2015-08141
BDU:2015-08142
BDU:2015-08143
BDU:2015-08144
BDU:2015-08145
BDU:2015-08146
BDU:2015-08147
CVE-2003-0139
DSA-266
DSA-273

Affected products

Red Hat
Krb5
Krb5-Configs
Krb5-Devel
Krb5-Libs
Krb5-Server
Krb5-Workstation