CVE-2003-0138

Name of the Vulnerable Software and Affected Versions krb5-workstation versions 1.1.1 through 1.2.7 krb5-configs version 1.1.1 krb5-devel versions 1.1.1 through 1.2.7 krb5-server versions 1.1.1 through 1.2.7 krb5-libs versions 1.1.1 through 1.2.7 krb5 versions 1.1.1 through 1.2.7

Description The issue affects the Kerberos protocol, allowing an attacker to impersonate any principal in a realm via a chosen-plaintext attack. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely.

Recommendations For krb5-workstation versions 1.1.1 through 1.2.7, update to a version that contains a fix for this issue. For krb5-configs version 1.1.1, update to a version that contains a fix for this issue. For krb5-devel versions 1.1.1 through 1.2.7, update to a version that contains a fix for this issue. For krb5-server versions 1.1.1 through 1.2.7, update to a version that contains a fix for this issue. For krb5-libs versions 1.1.1 through 1.2.7, update to a version that contains a fix for this issue. For krb5 versions 1.1.1 through 1.2.7, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Kerberos protocol until a patch is available.