Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-5352

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2014-5352
Last Modified 13 Apr 2015 09:59:46
Published 19 Feb 2015 06:59:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-5352

Summary

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.

Vulnerable Systems

Application

  • Mit Kerberos 5-1.11

  • Mit Kerberos 5-1.11.1

  • Mit Kerberos 5-1.11.2

  • Mit Kerberos 5-1.11.3

  • Mit Kerberos 5-1.11.4

  • Mit Kerberos 5-1.11.5

  • Mit Kerberos 5-1.12

  • Mit Kerberos 5-1.12.1

  • Mit Kerberos 5-1.12.2

  • Mit Kerberos 5-1.13


References

CONFIRM - https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a

CONFIRM - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt

CONFIRM - http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt

UBUNTU - USN-2498-1

DEBIAN - DSA-3153

REDHAT - RHSA-2015:0439

SUSE - openSUSE-SU-2015:0255

SUSE - SUSE-SU-2015:0290

SUSE - SUSE-SU-2015:0257

FEDORA - FEDORA-2015-2382

FEDORA - FEDORA-2015-2347

MANDRIVA - MDVSA-2015:069

REDHAT - RHSA-2015:0794


Last Updated: 27 May 2016 11:08:01