CVE-2003-0060

MIT Kerberos 5 - Remote Code Execution via Format String in KDC Logging

Title source: llm

Description

Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.

References (6)

Core 6

Core References

Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6712

Patch, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/787523

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/11189

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/4879

Patch, Vendor Advisory x_refsource_confirm

http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639

Scores

EPSS 0.0913

EPSS Percentile 92.8%

Details

Status published

Products (4)

mit/kerberos_5 1.2.1

mit/kerberos_5 1.2.2

mit/kerberos_5 1.2.3

mit/kerberos_5 1.2.4

Published Feb 19, 2003

Tracked Since Feb 18, 2026