PT-2001-1329 · Netbsd+2 · Netbsd+3

Published

2001-02-12

Updated

2017-10-10

CVE-2001-0094

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: NetBSD versions 1.5 and earlier FreeBSD versions 4.2 and earlier

Description: A buffer overflow issue exists in the kdc reply cipher of libkrb, which is a Kerberos 4 authentication library. This issue affects Kerberised applications, such as telnetd and login, and allows local users to gain root privileges.

Recommendations: For NetBSD versions 1.5 and earlier, consider upgrading to a newer version to resolve the issue. For FreeBSD versions 4.2 and earlier, consider upgrading to a newer version to resolve the issue. As a temporary workaround, consider restricting access to Kerberised applications such as telnetd and login until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0094

Affected Products

Freebsd

Kerberos 4

Netbsd

Libkrb

PT-2001-1329 · Netbsd+2 · Netbsd+3

CVE-2001-0094

Related Identifiers

Affected Products

References · 4