ID CVE-2014-4345
Summary Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
References
Vulnerable Configurations
  • MIT Kerberos 5 1.6
    cpe:2.3:a:mit:kerberos:5-1.6
  • MIT Kerberos 5 1.6.1
    cpe:2.3:a:mit:kerberos:5-1.6.1
  • MIT Kerberos 5 1.6.2
    cpe:2.3:a:mit:kerberos:5-1.6.2
  • MIT Kerberos 5 1.7
    cpe:2.3:a:mit:kerberos:5-1.7
  • MIT Kerberos 5 1.7.1
    cpe:2.3:a:mit:kerberos:5-1.7.1
  • MIT Kerberos 5 1.8
    cpe:2.3:a:mit:kerberos:5-1.8
  • MIT Kerberos 5 1.8.1
    cpe:2.3:a:mit:kerberos:5-1.8.1
  • MIT Kerberos 5 1.8.2
    cpe:2.3:a:mit:kerberos:5-1.8.2
  • MIT Kerberos 5 1.8.3
    cpe:2.3:a:mit:kerberos:5-1.8.3
  • MIT Kerberos 5 1.8.4
    cpe:2.3:a:mit:kerberos:5-1.8.4
  • MIT Kerberos 5 1.8.5
    cpe:2.3:a:mit:kerberos:5-1.8.5
  • MIT Kerberos 5 1.8.6
    cpe:2.3:a:mit:kerberos:5-1.8.6
  • MIT Kerberos 5 1.9
    cpe:2.3:a:mit:kerberos:5-1.9
  • MIT Kerberos 5 1.9.1
    cpe:2.3:a:mit:kerberos:5-1.9.1
  • MIT Kerberos 5 1.9.2
    cpe:2.3:a:mit:kerberos:5-1.9.2
  • MIT Kerberos 5 1.9.3
    cpe:2.3:a:mit:kerberos:5-1.9.3
  • MIT Kerberos 5 1.9.4
    cpe:2.3:a:mit:kerberos:5-1.9.4
  • MIT Kerberos 5 1.10
    cpe:2.3:a:mit:kerberos:5-1.10
  • MIT Kerberos 5 1.10.1
    cpe:2.3:a:mit:kerberos:5-1.10.1
  • MIT Kerberos 5 1.10.2
    cpe:2.3:a:mit:kerberos:5-1.10.2
  • MIT Kerberos 5 1.10.3
    cpe:2.3:a:mit:kerberos:5-1.10.3
  • MIT Kerberos 5 1.10.4
    cpe:2.3:a:mit:kerberos:5-1.10.4
  • MIT Kerberos 5 1.11
    cpe:2.3:a:mit:kerberos:5-1.11
  • MIT Kerberos 5 1.11.1
    cpe:2.3:a:mit:kerberos:5-1.11.1
  • MIT Kerberos 5 1.11.2
    cpe:2.3:a:mit:kerberos:5-1.11.2
  • MIT Kerberos 5 1.11.3
    cpe:2.3:a:mit:kerberos:5-1.11.3
  • MIT Kerberos 5 1.11.4
    cpe:2.3:a:mit:kerberos:5-1.11.4
  • MIT Kerberos 5 1.11.5
    cpe:2.3:a:mit:kerberos:5-1.11.5
  • MIT Kerberos 5 1.12
    cpe:2.3:a:mit:kerberos:5-1.12
  • MIT Kerberos 5 1.12.1
    cpe:2.3:a:mit:kerberos:5-1.12.1
CVSS
Base: 8.5 (as of 14-08-2014 - 14:09)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: SINGLE_INSTANCE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2310-1.NASL
    description It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-1016) It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415) It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ requests. A remote authenticated attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1416) It was discovered that Kerberos incorrectly handled certain crafted requests when multiple realms were configured. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1418, CVE-2013-6800) It was discovered that Kerberos incorrectly handled certain invalid tokens. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to cause the daemon to crash, resulting in a denial of service. (CVE-2014-4341, CVE-2014-4342) It was discovered that Kerberos incorrectly handled certain mechanisms when used with SPNEGO. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be used to cause clients to crash, resulting in a denial of service. (CVE-2014-4343) It was discovered that Kerberos incorrectly handled certain continuation tokens during SPNEGO negotiations. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. 
(CVE-2014-4344) Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-4345). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77147
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77147
    title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : krb5 vulnerabilities (USN-2310-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1255.NASL
    description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77741
    published 2014-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77741
    title RHEL 5 : krb5 (RHSA-2014:1255)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9315.NASL
    description This update incorporates the upstream fix for a possible buffer overrun in kadmind when the LDAP kdb backend is in use (CVE-2014-4345). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 77211
    published 2014-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77211
    title Fedora 20 : krb5-1.11.5-11.fc20 (2014-9315)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_KERBEROS_20141120.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of 'cpw -keepold' commands. (CVE-2014-4345)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80655
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80655
    title Oracle Solaris Third-Party Patch Update : kerberos (cve_2014_4345_numeric_errors)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0439.NASL
    description Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352) If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353) A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. 
(CVE-2014-9421) It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422) An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352. The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including : * Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts. * When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. 
(BZ#1049709, BZ#1127995) This update also fixes multiple bugs, for example : * The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102) In addition, this update adds various enhancements. Among others : * Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)
    last seen 2019-02-21
    modified 2015-05-31
    plugin id 81896
    published 2015-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81896
    title CentOS 7 : krb5 (CESA-2015:0439)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0034.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - actually apply that last patch - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) - ksu: when evaluating .k5users, treat lines with just a principal name as if they contained the principal name followed by '*', and don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121510) - gssapi: pull in proposed-and-accepted fix for a double free in initiators (David Woodhouse, CVE-2014-4343, #1121510) - correct a type mistake in the backported fix for (CVE-2013-1418, CVE-2013-6800) - pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1121510) - incorporate backported patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, more of - pull in backport of patch to not subsequently always require that responses come from master KDCs if we get one from a master somewhere along the way while chasing referrals (RT#7650, #1113652) - ksu: if the -e flag isn't used, use the target user's shell when checking for authorization via the target user's .k5users file (#1026721) - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730) - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1087068, RT#7858) - add patch 
from Jatin Nansi to avoid attempting to clear memory at the NULL address if krb5_encrypt_helper returns an error when called from encrypt_credencpart (#1055329, pull #158) - drop patch to add additional access checks to ksu - they shouldn't be resulting in any benefit - apply patch from Nikolai Kondrashov to pass a default realm set in /etc/sysconfig/krb5kdc to the kdb_check_weak helper, so that it doesn't produce an error if there isn't one set in krb5.conf (#1009389) - packaging: don't Obsoletes: older versions of krb5-pkinit-openssl and virtual Provide: krb5-pkinit-openssl on EL6, where we don't need to bother with any of that (#1001961) - pkinit: backport tweaks to avoid trying to call the prompter callback when one isn't set (part of #965721) - pkinit: backport the ability to use a prompter callback to prompt for a password when reading private keys (the rest of #965721) - backport fix to not spin on a short read when reading the length of a response over TCP (RT#7508, #922884) - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1070244) - backport fix for not being able to verify the list of transited realms in GSS acceptors (RT#7639, #959685) - pull fix for keeping track of the message type when parsing FAST requests in the KDC (RT#7605, #951965) - incorporate upstream patch to fix a NULL pointer dereference while processing certain TGS requests (CVE-2013-1416, #950343) - incorporate upstream patch to fix a NULL pointer dereference when the client supplies an otherwise-normal-looking PKINIT request (CVE-2013-1415, #917910) - add patch to avoid dereferencing a NULL pointer in the KDC when handling a draft9 PKINIT request (#917910, CVE-2012-1016) - pull up fix for UDP ping-pong flaw in kpasswd service (CVE-2002-2443, - don't leak the memory used to hold the previous entry when walking a keytab to figure out which kinds of keys we have (#911147)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79549
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79549
    title OracleVM 3.3 : krb5 (OVMSA-2014-0034)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0439.NASL
    description From Red Hat Security Advisory 2015:0439 : Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352) If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353) A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. 
An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421) It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422) An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352. The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including : * Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts. 
* When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. (BZ#1049709, BZ#1127995) This update also fixes multiple bugs, for example : * The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102) In addition, this update adds various enhancements. Among others : * Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 81805
    published 2015-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81805
    title Oracle Linux 7 : krb5 (ELSA-2015-0439)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150305_KRB5_ON_SL7_X.NASL
    description A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352) If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353) A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421) It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422) An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. 
A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including : - Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts. - When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. This update also fixes multiple bugs, for example : - The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. In addition, this update adds various enhancements. Among others : - Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 82255
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82255
    title Scientific Linux Security Update : krb5 on SL7.x x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9305.NASL
    description This update incorporates the upstream fix for a possible buffer overrun in kadmind when the LDAP kdb backend is in use (CVE-2014-4345). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 77392
    published 2014-08-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77392
    title Fedora 19 : krb5-1.11.3-25.fc19 (2014-9305)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-508.NASL
    description This MIT krb5 update fixes the following security issue : - buffer overrun in kadmind with LDAP backend (bnc#891082, CVE-2014-4345)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77297
    published 2014-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77297
    title openSUSE Security Update : krb5 / krb5-doc / krb5-mini (openSUSE-SU-2014:1043-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KRB5-140812.NASL
    description This MIT krb5 update fixes a buffer overrun problem in kadmind : - buffer overrun in kadmind with LDAP back end (MITKRB5-SA-2014-001) (CVE-2014-4345) MIT krb5 Security Advisory 2014-001. (bnc#891082) - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
    last seen 2019-02-21
    modified 2015-02-28
    plugin id 77230
    published 2014-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77230
    title SuSE 11.3 Security Update : krb5 (SAT Patch Number 9606)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0439.NASL
    description Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352) If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353) A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. 
(CVE-2014-9421) It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as 'kad/x') could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422) An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352. The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including : * Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts. * When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. 
(BZ#1049709, BZ#1127995) This update also fixes multiple bugs, for example : * The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102) In addition, this update adds various enhancements. Among others : * Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81637
    published 2015-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81637
    title RHEL 7 : krb5 (RHSA-2015:0439)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1255.NASL
    description From Red Hat Security Advisory 2014:1255 : Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 77740
    published 2014-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77740
    title Oracle Linux 5 : krb5 (ELSA-2014-1255)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1255.NASL
    description Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) All krb5 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78396
    published 2014-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78396
    title CentOS 5 : krb5 (CESA-2014:1255)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1389.NASL
    description From Red Hat Security Advisory 2014:1389 : Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 78523
    published 2014-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78523
    title Oracle Linux 6 : krb5 (ELSA-2014-1389)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-53.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-53 (MIT Kerberos 5: User-assisted execution of arbitrary code) Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary code with the privileges of the process or cause Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 80328
    published 2015-01-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80328
    title GLSA-201412-53 : MIT Kerberos 5: User-assisted execution of arbitrary code
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3000.NASL
    description Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when attempting to read beyond the end of a buffer. - CVE-2014-4342 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when reading beyond the end of a buffer or by causing a NULL pointer dereference. - CVE-2014-4343 An unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. A remote attacker could exploit this flaw to cause an application crash or potentially execute arbitrary code. - CVE-2014-4344 An unauthenticated or partially authenticated remote attacker can cause a NULL dereference and application crash during a SPNEGO negotiation by sending an empty token as the second or later context token from initiator to acceptor. - CVE-2014-4345 When kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77101
    published 2014-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77101
    title Debian DSA-3000-1 : krb5 - security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141014_KRB5_ON_SL6_X.NASL
    description It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 78846
    published 2014-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78846
    title Scientific Linux Security Update : krb5 on SL6.x i386/x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-443.NASL
    description It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 79292
    published 2014-11-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79292
    title Amazon Linux AMI : krb5 (ALAS-2014-443)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-37.NASL
    description Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2014-4341 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when attempting to read beyond the end of a buffer. CVE-2014-4342 An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when reading beyond the end of a buffer or by causing a NULL pointer dereference. CVE-2014-4343 An unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. A remote attacker could exploit this flaw to cause an application crash or potentially execute arbitrary code. CVE-2014-4344 An unauthenticated or partially authenticated remote attacker can cause a NULL dereference and application crash during a SPNEGO negotiation by sending an empty token as the second or later context token from initiator to acceptor. CVE-2014-4345 When kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82185
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82185
    title Debian DLA-37-1 : krb5 security update
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-165.NASL
    description Updated krb5 package fixes security vulnerabilities : MIT Kerberos 5 allows attackers to cause a denial of service via a buffer over-read or NULL pointer dereference, by injecting invalid tokens into a GSSAPI application session (CVE-2014-4341, CVE-2014-4342). MIT Kerberos 5 allows attackers to cause a denial of service via a double-free flaw or NULL pointer dereference, while processing invalid SPNEGO tokens (CVE-2014-4344). In MIT Kerberos 5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow) (CVE-2014-4345).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 77644
    published 2014-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77644
    title Mandriva Linux Security Advisory : krb5 (MDVSA-2014:165)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1389.NASL
    description Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79178
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79178
    title CentOS 6 : krb5 (CESA-2014:1389)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1389.NASL
    description Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342) A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 78406
    published 2014-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78406
    title RHEL 6 : krb5 (RHSA-2014:1389)
redhat via4
advisories
  • bugzilla
    id 1128157
    title CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment krb5-devel is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255002
        • comment krb5-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070095021
      • AND
        • comment krb5-libs is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255008
        • comment krb5-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070095019
      • AND
        • comment krb5-server is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255006
        • comment krb5-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070095023
      • AND
        • comment krb5-server-ldap is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255010
        • comment krb5-server-ldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110199011
      • AND
        • comment krb5-workstation is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255004
        • comment krb5-workstation is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070095017
    rhsa
    id RHSA-2014:1255
    released 2014-09-17
    severity Moderate
    title RHSA-2014:1255: krb5 security update (Moderate)
  • bugzilla
    id 1128157
    title CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment krb5-devel is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389015
        • comment krb5-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863012
      • AND
        • comment krb5-libs is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389009
        • comment krb5-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863016
      • AND
        • comment krb5-pkinit-openssl is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389011
        • comment krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863008
      • AND
        • comment krb5-server is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389005
        • comment krb5-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863010
      • AND
        • comment krb5-server-ldap is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389013
        • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863006
      • AND
        • comment krb5-workstation is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389007
        • comment krb5-workstation is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863014
    rhsa
    id RHSA-2014:1389
    released 2014-10-14
    severity Moderate
    title RHSA-2014:1389: krb5 security and bug fix update (Moderate)
  • rhsa
    id RHSA-2015:0439
rpms
  • krb5-devel-0:1.6.1-80.el5_11
  • krb5-libs-0:1.6.1-80.el5_11
  • krb5-server-0:1.6.1-80.el5_11
  • krb5-server-ldap-0:1.6.1-80.el5_11
  • krb5-workstation-0:1.6.1-80.el5_11
  • krb5-devel-0:1.10.3-33.el6
  • krb5-libs-0:1.10.3-33.el6
  • krb5-pkinit-openssl-0:1.10.3-33.el6
  • krb5-server-0:1.10.3-33.el6
  • krb5-server-ldap-0:1.10.3-33.el6
  • krb5-workstation-0:1.10.3-33.el6
  • krb5-devel-0:1.12.2-14.el7
  • krb5-libs-0:1.12.2-14.el7
  • krb5-pkinit-0:1.12.2-14.el7
  • krb5-server-0:1.12.2-14.el7
  • krb5-server-ldap-0:1.12.2-14.el7
  • krb5-workstation-0:1.12.2-14.el7
refmap via4
bid 69168
confirm
debian DSA-3000
fedora
  • FEDORA-2014-9305
  • FEDORA-2014-9315
gentoo GLSA-201412-53
mandriva MDVSA-2014:165
osvdb 109908
sectrack 1030705
secunia
  • 59102
  • 59415
  • 59993
  • 60535
  • 60776
  • 61314
  • 61353
suse
  • SUSE-SU-2014:1028
  • openSUSE-SU-2014:1043
xf kerberos-cve20144345-bo(95212)
Last major update 06-01-2017 - 22:00
Published 14-08-2014 - 01:01
Last modified 19-10-2017 - 21:29