{"vuid":"VU#684563","idnumber":"684563","name":"MIT Kerberos V5 allows inter-realm user impersonation by malicious realm controllers with shared keys","keywords":["MIT","Kerberos","Key Distribution Center","KDC","realm","shared key","non-local realm","impersonate other user","realm transit check"],"overview":"MIT Kerberos V5 contains a flaw that allows the controller of one Kerberos realm to impersonate users in a second realm.","clean_desc":"MIT Kerberos V5 releases prior to 1.2.3 contain a vulnerability that allows users from one realm to impersonate users from other non-local realms that use the same (shared) keys. This vulnerability is the result of a flaw in the chk_trans.c file of the libkrb5 library and affects both the Key Distribution Center (KDC) and other Kerberos application servers.","impact":"This vulnerability may allow users to gain unauthorized access to other realms, with various impacts possible depending on the Kerberos access control list (ACL) for each realm.","resolution":"Update your Kerberos installation. This vulnerability was addressed in MIT Kerberos V5 1.2.3. MIT krb5 Security Advisory 2003-001 provides additional information from MIT and is available at: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt For information regarding other vendors who may be affected, please see the vendor section of this document.","workarounds":"Follow the suggestions in MIT krb5 Security Advisory 2003-001. MIT krb5 Security Advisory 2003-001 provides the following recommendations for sites that are unable to apply a patch immediately: Workarounds: Delete or change inter-realm keys so inter-realm authentication is disabled. 
Remove all non-local principals from all critical ACLs in services using old MIT Kerberos code to validate the realm transit path","sysaffected":"","thanks":"The CERT/CC thanks Joseph Sokol-Margolis and Gerald Britton for discovering this vulnerability and \nKen Raeburn of MIT for bringing it to our attention.","author":"This document was written by Shawn Van Ittersum and Jeffrey P. Lanza.","public":["http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt","http://www.ietf.org/rfc/rfc1510.txt"],"cveids":["CVE-2003-0059"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2002-06-11T17:04:14Z","publicdate":"2003-01-28T00:00:00Z","datefirstpublished":"2003-01-31T19:18:52Z","dateupdated":"2003-04-04T20:05:02Z","revision":39,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"10","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"15","cam_easeofexploitation":"14","cam_attackeraccessrequired":"7","cam_scorecurrent":"14.4703125","cam_scorecurrentwidelyknown":"16.5375","cam_scorecurrentwidelyknownexploited":"20.671875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":14.4703125,"vulnote":null}