Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 152850 - CAN-2004-0971,1189 multiple Kerberos V5 (krb5) vulns
Summary: CAN-2004-0971,1189 multiple Kerberos V5 (krb5) vulns
Keywords:
Status: CLOSED DUPLICATE
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: 1, LEGACY, NEEDSWORK, rh73, rh90
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-09 22:07 UTC by David Lawrence
Modified: 2008-05-01 15:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-21 19:08:18 UTC


Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:29:38 UTC
http://secunia.com/advisories/12967/

A vulnerability has been reported in Kerberos V5, which can be exploited by
malicious, local users to perform certain actions on a vulnerable system with
escalated privileges.

The vulnerability is caused due to the "send-pr.sh" script creating temporary
files insecurely. This can be exploited via symlink attacks to create or
overwrite arbitrary files with the privileges of the user invoking the
vulnerable script.

The vulnerability has been reported in versions 1.3.4 and 1.3.5 for Linux. Other
versions may also be affected.

CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0971

Red Hat Bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136307

Patch:
https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=105432&action=view



------- Additional Comments From bugzilla.fedora.us@beej.org 2005-01-29 14:27:08 ----

we also need to deal with CAN-2004-1189





------- Additional Comments From pekkas@netcore.fi 2005-03-01 06:00:21 ----

These are tackled in #2040, so I'll close this in order to not duplicate work.

*** This bug has been marked as a duplicate of 2040 ***



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:29 -------

This bug previously known as bug 2267 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2267
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl@redhat.com.
   Previous reporter was fedora-legacy-bugzilla-2004@fumika.jp.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.



Comment 1 Red Hat Bugzilla 2006-02-21 19:08:18 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.


Note You need to log in before you can comment on or make changes to this bug.