PT-2015-4194 · MIT · MIT Kerberos 5
Published: 2015-01-21 · Updated: 2024-06-15 · CVE-2014-9422
CVSS v2.0: 6.1 (Medium)
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:C
Name of the Vulnerable Software and Affected Versions
MIT Kerberos 5 (krb5) versions 1.11.5 and earlier
MIT Kerberos 5 (krb5) versions 1.12.x through 1.12.2
MIT Kerberos 5 (krb5) versions 1.13.x prior to 1.13.1
Description
The issue allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access. The bypass works by leveraging access to a two-component principal whose first component is an initial substring of "kadmind"; the principal 'ka/x' is one example.
Recommendations
For versions 1.11.5 and earlier, update to version 1.11.6 or later.
For versions 1.12.x through 1.12.2, update to version 1.12.3 or later.
For versions 1.13.x prior to 1.13.1, update to version 1.13.1 or later.
As a temporary workaround, consider restricting access to the check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c until a patch is available.
Restrict access to principals with an initial "kadmind" substring to minimize the risk of exploitation.
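One way to find the principals that the last recommendation concerns, as an added example that is not part of the original advisory or of MIT krb5. It assumes a one-name-per-line principal listing such as the output of kadmin's `listprincs`, and it assumes kadmin/* are the legitimate service principals to leave out; the function names and the sample names are constructed for illustration.

```python
TARGET = "kadmind"        # string named in the advisory text
LEGITIMATE = {"kadmin"}   # assumption: kadmin/* are the intended service names

def split_principal(name):
    """Split 'c1/c2@REALM' into (components, realm), honouring backslash escapes."""
    components, current, realm = [], [], None
    chars = iter(name)
    for ch in chars:
        if ch == "\\":
            current.append(next(chars, ""))   # escaped character is literal
        elif ch == "/" and realm is None:
            components.append("".join(current))
            current = []
        elif ch == "@" and realm is None:
            components.append("".join(current))
            current, realm = [], ""
        else:
            current.append(ch)
    tail = "".join(current)
    if realm is None:
        return components + [tail], None
    return components, tail

def is_risky(name):
    """True for a two-component principal whose first component is an initial substring of TARGET."""
    components, _realm = split_principal(name)
    if len(components) != 2:
        return False
    first = components[0]
    return bool(first) and TARGET.startswith(first) and first not in LEGITIMATE

def audit(listing):
    """Return the risky principals found in a one-name-per-line listing."""
    return [n for n in map(str.strip, listing.splitlines()) if is_risky(n)]

# Constructed sample input, not taken from a real KDC.
SAMPLE = """\
kadmin/admin@EXAMPLE.COM
ka/x@EXAMPLE.COM
kad/backup@EXAMPLE.COM
host/web01.example.com@EXAMPLE.COM
alice@EXAMPLE.COM
"""

if __name__ == "__main__":
    for principal in audit(SAMPLE):
        print("review:", principal)
```

Any name it reports is a candidate for renaming or removal, or for confirming that its key holders are already trusted with administrative access.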
Weakness Enumeration
Improper Access Control
Affected Products
ALT Linux
CentOS
IBM AIX
MIT Kerberos 5
Red Hat
SUSE
Ubuntu