CVE-2004-0971 | libkrb5-3 (CWE-1035)

[cbilgin23]

Due Date: 2022-11-03

A low severity vulnerability has been discovered in your project.

Project Name: twrap-go

Scanner Name: trivy

Cwe ID: 1035

Cwe Name: Using Components with Known Vulnerabilities

Cwe Link: https://cwe.mitre.org/data/definitions/1035.html

CVE ID: CVE-2004-0971

Target: redis:latest (debian 11.5)

Packages:

• libkrb5-3 : 1.18.3-6+deb11u2 - Fixed Version:

References:

• http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
• http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
• http://www.redhat.com/support/errata/RHSA-2005-012.html
• http://www.securityfocus.com/bid/11289
• http://www.trustix.org/errata/2004/0050
• https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
• https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497

Kondukto Remediation

1: sdfsdfsdf

Tool Description: The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Custom Description: test

Kondukto Link: http://79.kondukto.local/projects/634fe837a5be8478724352c4/vulns/appsec?page=1&perPage=15&id=in:6362476983e330d938697b28
Deeplink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971