CVE-2001-0033
First published: Fri Feb 16 2001(Updated: )
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KTH Kerberos | =4 | |
| NetBSD current | =1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0033?
CVE-2001-0033 is rated as a medium severity vulnerability.
How do I fix CVE-2001-0033?
To fix CVE-2001-0033, restrict access to the Kerberos configuration directory and properly secure environment variables.
Who is affected by CVE-2001-0033?
CVE-2001-0033 affects KTH Kerberos version 4 and NetBSD version 1.5.
What impact does CVE-2001-0033 have?
If exploited, CVE-2001-0033 allows local users to change Kerberos server configurations, potentially granting them elevated privileges.
Is CVE-2001-0033 exploitable remotely?
CVE-2001-0033 is not remotely exploitable; it requires local access to the vulnerable system.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/kth
- canonical/kth kerberos
- version/kth kerberos/4
- vendor/netbsd
- canonical/netbsd current
- version/netbsd current/1.5