PT-2014-1771 · Mit+6 · Mit Kerberos 5+7

Published: 2014-07-20 · Updated: 2024-06-15 · CVE-2014-4341

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions prior to 1.12.2; mit-krb5 versions prior to 1.13

Description: The issue allows remote attackers to cause a denial of service by injecting invalid tokens into a GSSAPI application session, potentially leading to a buffer over-read and an application crash. Exploitation of the vulnerabilities may compromise the confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited by a remote attacker who has passed the authentication procedure.

Recommendations: For MIT Kerberos 5 versions prior to 1.12.2, update to version 1.12.2 or later to resolve the issue. For mit-krb5 versions prior to 1.13, update to version 1.13 or later. As a temporary workaround, consider restricting access to GSSAPI application sessions to minimize the risk of exploitation.

Fix

DoS

Out of bounds Read

Double Free


Weakness Enumeration

Related identifiers

ALT-PU-2014-2418
BDU:2015-01984
BDU:2015-09790
CESA-2014_1389
CESA-2015_0439
CVE-2014-4341
DLA-37-1
DSA-3000-1
MGASA-2014-0345
OPENSUSE-SU-2024:10004-1
RHSA-2014:1245
RHSA-2014:1389
RHSA-2014_1245
RHSA-2014_1389
RHSA-2015:0439
RHSA-2015_0439
SUSE-SU-2014_0989-1
USN-2310-1

Affected products

Alt Linux
Centos
Ibm Aix
Mit Kerberos 5
Red Hat
Suse
Ubuntu
Mit-Krb5