CVE-2001-0417

Description

Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.

Affected products

• MIT / kerberos4 – 4
• MIT / Kerberos 51.5.2 – 1.5.2

References

• MISChttp://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html
• MISChttp://www.redhat.com/support/errata/RHSA-2001-025.html