KTH Kerberos IV Privilege Escalation via KRBCONFDIR Environmental Variable

KTH Kerberos IV Privilege Escalation via KRBCONFDIR Environmental Variable

CVE-2001-0033 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.

Learn more about our Cis Benchmark Audit For Server Software.