CVE-2003-0139 Affecting krb5 package, versions <1.2.7-3


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
2.09% (90th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN8-KRB5-395995
  • published24 Mar 2003
  • disclosed24 Mar 2003

Introduced: 24 Mar 2003

CVE-2003-0139  (opens in a new tab)

How to fix?

Upgrade Debian:8 krb5 to version 1.2.7-3 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."

CVSS Scores

version 3.1