漏洞信息详情
MIT Kerberos Key Distribution Center远程格式化字符串漏洞
- CNNVD编号:CNNVD-200302-035
- 危害等级: 高危
![图片[1]-MIT Kerberos Key Distribution Center远程格式化字符串漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-12/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2003-0060
- 漏洞类型:
格式化字符串
- 发布时间:
2003-02-19
- 威胁类型:
远程
- 更新时间:
2005-10-20
- 厂 商:
mit - 漏洞来源:
The discovery of t… -
漏洞简介
MIT Kerberos V5 Key Distribution Center (KDC) 1.2.5之前版本的登录日志存在格式化字符串漏洞。远程攻击者可以借助Kerberos委托名中的格式化字符串说明符导致服务拒绝(崩溃),并且可能可以执行任意代码。
漏洞公告
This issue has been addressed in MIT Kerberos 1.2.5 and later. Users are advised to upgrade to as soon as possible.
Red Hat has released an advisory (RHSA-2003:051-01) to address this issue.
Please see the attached adivosry reference for details on obtaining and
applying fixes.
Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.
MIT Kerberos 5 1.1.1
-
Red Hat krb5-configs-1.1.1-40.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-configs-1.1.1-40.i386.rpm
-
Red Hat krb5-devel-1.1.1-40.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-devel-1.1.1-40.i386.rpm -
Red Hat krb5-libs-1.1.1-40.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-libs-1.1.1-40.i386.rpm -
Red Hat krb5-server-1.1.1-40.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-server-1.1.1-40.i386.rpm -
Red Hat krb5-workstation-1.1.1-40.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-workstation-1.1.1-40.i386
.rpm
MIT Kerberos 5 1.2
-
MIT Kerberos 1.2.5
http://web.mit.edu/kerberos/www/krb5-1.2/index.html
MIT Kerberos 5 1.2.1
-
MIT Kerberos 1.2.5
http://web.mit.edu/kerberos/www/krb5-1.2/index.html
MIT Kerberos 5 1.2.2
-
MIT Kerberos 1.2.5
http://web.mit.edu/kerberos/www/krb5-1.2/index.html -
Red Hat krb5-devel-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/krb5-devel-1.2.2-24.i386.rpm -
Red Hat krb5-devel-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/krb5-devel-1.2.2-24.i386.rpm -
Red Hat krb5-devel-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/krb5-devel-1.2.2-24.i386.rpm -
Red Hat krb5-devel-1.2.2-24.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/krb5-devel-1.2.2-24.ia64.rpm -
Red Hat krb5-libs-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/krb5-libs-1.2.2-24.i386.rpm -
Red Hat krb5-libs-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/krb5-libs-1.2.2-24.i386.rpm -
Red Hat krb5-libs-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/krb5-libs-1.2.2-24.i386.rpm -
Red Hat krb5-libs-1.2.2-24.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/krb5-libs-1.2.2-24.ia64.rpm -
Red Hat krb5-server-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/krb5-server-1.2.2-24.i386.rpm -
Red Hat krb5-server-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/krb5-server-1.2.2-24.i386.rpm -
Red Hat krb5-server-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/krb5-server-1.2.2-24.i386.rpm -
Red Hat krb5-server-1.2.2-24.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/krb5-server-1.2.2-24.ia64.rpm -
Red Hat krb5-workstation-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/krb5-workstation-1.2.2-24.i386
.rpm -
Red Hat krb5-workstation-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/krb5-workstation-1.2.2-24.i386
.rpm -
Red Hat krb5-workstation-1.2.2-24.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/krb5-workstation-1.2.2-24.i386
.rpm -
Red Hat krb5-workstation-1.2.2-24.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/krb5-workstation-1.2.2-24.ia64
.rpm
MIT Kerberos 5 1.2.3
-
Conectiva krb5-1.2.8-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-1.2.8-1U80_1cl.i386.rp
m -
Conectiva krb5-apps-clients-1.2.8-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-apps-clients-1.2.8-1U8
0_1cl.i386.rpm -
Conectiva krb5-apps-servers-1.2.8-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-apps-servers-1.2.8-1U8
0_1cl.i386.rpm -
Conectiva krb5-client-1.2.8-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-client-1.2.8-1U80_1cl.
i386.rpm -
Conectiva krb5-devel-1.2.8-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-devel-1.2.8-1U80_1cl.i
386.rpm -
Conectiva krb5-devel-static-1.2.8-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-devel-static-1.2.8-1U8
0_1cl.i386.rpm -
Conectiva krb5-doc-1.2.8-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-doc-1.2.8-1U80_1cl.i38
6.rpm -
Conectiva krb5-server-1.2.8-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/krb5-server-1.2.8-1U80_1cl.
i386.rpm -
MIT Kerberos 1.2.5
http://web.mit.edu/kerberos/www/krb5-1.2/index.html
MIT Kerberos 5 1.2.4
参考网址
来源:US-CERT Vulnerability Note: VU#787523
名称: VU#787523
链接:http://www.kb.cert.org/vuls/id/787523
来源: BID
名称: 6712
链接:http://www.securityfocus.com/bid/6712
来源: web.mit.edu
链接:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
来源: XF
名称: kerberos-kdc-format-string(11189)
链接:http://xforce.iss.net/xforce/xfdb/11189
来源: OSVDB
名称: 4879
链接:http://www.osvdb.org/4879
来源: CONECTIVA
名称: CLSA-2003:639
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
