CVE-2003-0138
krb4 - Cryptographic weakness
EPSS 5.6%
Description
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.
How to fix CVE-2003-0138
To remediate CVE-2003-0138, upgrade each affected package to the fixed version listed below.
- Debian/heimdal—upgrade to 0.5.2-1 or later
- Debian/heimdal—upgrade to 0.4e-7.woody.8 or later
- Debian/krb4—upgrade to 1.1-8-2.3 or later
- Debian/krb5—upgrade to 1.2.7-3 or later
Is CVE-2003-0138 being exploited?
Moderate: EPSS is 5.6%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 0.5.2-1
- from 0, < 0.4e-7.woody.8
- from 0, < 1.1-8-2.3
- from 0, < 1.2.7-3