PT-2015-3795 · Mit+6 · Mit Kerberos 5+6

Published

2015-01-21

Updated

2024-06-15

CVE-2014-5352

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 versions 1.11.5 and earlier, 1.12.x through 1.12.2, 1.13.x before 1.13.1

Description The issue is related to the improper maintenance of security-context handles in the krb5 gss process context token function. This allows remote authenticated users to cause a denial of service, including use-after-free and double free errors, and daemon crash, or possibly execute arbitrary code via crafted GSSAPI traffic.

Recommendations For versions 1.11.5 and earlier, update to a version later than 1.11.5. For versions 1.12.x through 1.12.2, update to a version later than 1.12.2. For versions 1.13.x before 1.13.1, update to version 1.13.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2015-1151

ALT-PU-2015-1195

CESA-2015_0439

CESA-2015_0794

CVE-2014-5352

DLA-146-1

DSA-3153-1

MGASA-2015-0066

OPENSUSE-SU-2024:10004-1

RHSA-2015:0439

RHSA-2015:0794

RHSA-2015_0439

RHSA-2015_0794

SUSE-SU-2015:0257-1

SUSE-SU-2015:0290-1

SUSE-SU-2015:0290-2

SUSE-SU-2015_0257-1

USN-2498-1

Affected Products

Alt Linux

Centos

Ibm Aix

Mit Kerberos 5

Red Hat

Suse

Ubuntu

PT-2015-3795 · Mit+6 · Mit Kerberos 5+6

CVE-2014-5352

Related Identifiers

Affected Products

References · 99