A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos.
Find out more about CVE-2014-4343 from the MITRE CVE dictionary and NIST NVD.
This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.
Base Score | 4.3 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 7 (krb5) | RHSA-2015:0439 | 2015-03-05 |
Red Hat Enterprise Linux 6 (krb5) | RHSA-2014:1389 | 2014-10-13 |

Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 5 | krb5 | Not affected |