CVE-2012-1012 (retired)

Priority
Description
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos
5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1)
SET_STRING and (2) GET_STRINGS operations, which might allow remote
authenticated administrators to modify or read string attributes by
leveraging the global list privilege.
Notes
 sbeattie> only affects 1.10, also nothing in the core code uses string
 sbeattie> attributes yet
Package
Source: krb5 (LP Ubuntu Debian)
Upstream: released (1.10.1+dfsg-1)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (1.10.1+dfsg-1)
Patches:
Upstream: http://anonsvn.mit.edu/viewvc/krb5/trunk/src/kadmin/server/server_stubs.c?r1=25704&r2=25703&pathrev=25704

Updated: 2019-03-26 12:00:57 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)