Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9422

Overview

Vulnerability Score 6.1 6.1
CVE Id CVE-2014-9422
Last Modified 13 Apr 2015 09:59:59
Published 19 Feb 2015 06:59:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2014-9422

Summary

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.

Vulnerable Systems

Application

  • Mit Kerberos 5-1.11

  • Mit Kerberos 5-1.11.1

  • Mit Kerberos 5-1.11.2

  • Mit Kerberos 5-1.11.3

  • Mit Kerberos 5-1.11.4

  • Mit Kerberos 5-1.11.5

  • Mit Kerberos 5-1.12

  • Mit Kerberos 5-1.12.1

  • Mit Kerberos 5-1.12.2

  • Mit Kerberos 5-1.13


References

CONFIRM - https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8

CONFIRM - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt

CONFIRM - http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt

UBUNTU - USN-2498-1

DEBIAN - DSA-3153

REDHAT - RHSA-2015:0439

SUSE - openSUSE-SU-2015:0255

SUSE - SUSE-SU-2015:0290

SUSE - SUSE-SU-2015:0257

FEDORA - FEDORA-2015-2382

FEDORA - FEDORA-2015-2347

MANDRIVA - MDVSA-2015:069

REDHAT - RHSA-2015:0794


Last Updated: 27 May 2016 11:08:02