PT-2003-1343 · Mit · Mit Kerberos V5 Key Distribution Center

E. Larry Lidz

Published

2003-02-01

Updated

2020-01-21

CVE-2003-0060

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MIT Kerberos V5 Key Distribution Center (KDC) versions prior to 1.2.5

Description The issue concerns format string vulnerabilities in the logging routines, which can be exploited by remote attackers. By using format string specifiers in Kerberos principal names, attackers can cause a denial of service, leading to a crash, and potentially execute arbitrary code.

Recommendations For versions prior to 1.2.5, update to version 1.2.5 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0060

Affected Products

Mit Kerberos V5 Key Distribution Center

PT-2003-1343 · Mit · Mit Kerberos V5 Key Distribution Center

CVE-2003-0060

Related Identifiers

Affected Products

References · 10