PT-2014-1929 · Mit+4 · Mit Kerberos 5+4

Publicado

2014-10-09

Atualizado

2024-06-15

CVE-2014-5351

CVSS v2.0

8.5

Alta

Vetor

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions prior to 1.13

Description The issue allows remote authenticated users to forge tickets by leveraging administrative access. This is due to the kadm5 randkey principal 3 function in lib/kadm5/srv/svr principal.c in kadmind sending old keys in a response to a -randkey -keepold request. The exploitation of this issue may lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 1.13, update to version 1.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the kadmind service to minimize the risk of exploitation. Avoid using the -randkey -keepold request in the affected kadmind service until the issue is resolved.

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255CWE-125

Identificadores relacionados

ALT-PU-2014-2418

BDU:2015-09790

CVE-2014-5351

DLA-1265-1

MGASA-2014-0477

OPENSUSE-SU-2024:10004-1

SUSE-SU-2014_1410-1

SUSE-SU-2015:0290-1

SUSE-SU-2015:0290-2

SUSE-SU-2015_0290-1

SUSE-SU-2015_0290-2

USN-2498-1

Produtos afetados

Alt Linux

Ibm Aix

Mit Kerberos 5

Suse

Ubuntu

PT-2014-1929 · Mit+4 · Mit Kerberos 5+4

CVE-2014-5351

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 96