ID CVE-2014-4345
Summary Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
References
Vulnerable Configurations
  • cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*
CVSS
Base: 8.5 (as of 20-10-2017 - 01:29)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:S/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 1128157
    title CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment krb5-devel is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255002
        • comment krb5-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070095021
      • AND
        • comment krb5-libs is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255008
        • comment krb5-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070095019
      • AND
        • comment krb5-server is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255006
        • comment krb5-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070095023
      • AND
        • comment krb5-server-ldap is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255010
        • comment krb5-server-ldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110199011
      • AND
        • comment krb5-workstation is earlier than 0:1.6.1-80.el5_11
          oval oval:com.redhat.rhsa:tst:20141255004
        • comment krb5-workstation is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070095017
    rhsa
    id RHSA-2014:1255
    released 2014-09-17
    severity Moderate
    title RHSA-2014:1255: krb5 security update (Moderate)
  • bugzilla
    id 1128157
    title CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment krb5-devel is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389015
        • comment krb5-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863012
      • AND
        • comment krb5-libs is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389009
        • comment krb5-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863016
      • AND
        • comment krb5-pkinit-openssl is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389011
        • comment krb5-pkinit-openssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863008
      • AND
        • comment krb5-server is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389005
        • comment krb5-server is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863010
      • AND
        • comment krb5-server-ldap is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389013
        • comment krb5-server-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863006
      • AND
        • comment krb5-workstation is earlier than 0:1.10.3-33.el6
          oval oval:com.redhat.rhsa:tst:20141389007
        • comment krb5-workstation is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100863014
    rhsa
    id RHSA-2014:1389
    released 2014-10-14
    severity Moderate
    title RHSA-2014:1389: krb5 security and bug fix update (Moderate)
  • rhsa
    id RHSA-2015:0439
rpms
  • krb5-devel-0:1.6.1-80.el5_11
  • krb5-libs-0:1.6.1-80.el5_11
  • krb5-server-0:1.6.1-80.el5_11
  • krb5-server-ldap-0:1.6.1-80.el5_11
  • krb5-workstation-0:1.6.1-80.el5_11
  • krb5-devel-0:1.10.3-33.el6
  • krb5-libs-0:1.10.3-33.el6
  • krb5-pkinit-openssl-0:1.10.3-33.el6
  • krb5-server-0:1.10.3-33.el6
  • krb5-server-ldap-0:1.10.3-33.el6
  • krb5-workstation-0:1.10.3-33.el6
  • krb5-devel-0:1.12.2-14.el7
  • krb5-libs-0:1.12.2-14.el7
  • krb5-pkinit-0:1.12.2-14.el7
  • krb5-server-0:1.12.2-14.el7
  • krb5-server-ldap-0:1.12.2-14.el7
  • krb5-workstation-0:1.12.2-14.el7
refmap via4
bid 69168
confirm
debian DSA-3000
fedora
  • FEDORA-2014-9305
  • FEDORA-2014-9315
gentoo GLSA-201412-53
mandriva MDVSA-2014:165
osvdb 109908
sectrack 1030705
secunia
  • 59102
  • 59415
  • 59993
  • 60535
  • 60776
  • 61314
  • 61353
suse
  • SUSE-SU-2014:1028
  • openSUSE-SU-2014:1043
xf kerberos-cve20144345-bo(95212)
Last major update 20-10-2017 - 01:29
Published 14-08-2014 - 05:01
Last modified 21-01-2020 - 15:46
Back to Top