Several security issues were fixed in Kerberos ...
Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2014-4341
An unauthenticated remote attacker with the ability to inject
packets into a legitimately established GSSAPI application session
can cause a program crash ...
Debian Bug report logs -
#757416
CVE-2014-4345 in krb5-kdc-ldap: buffer overrun in kadmind
Package:
krb5-kdc-ldap;
Maintainer for krb5-kdc-ldap is Sam Hartman <hartmans@debianorg>; Source for krb5-kdc-ldap is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Thu, 7 Aug 2014 22:39:01 U ...
Debian Bug report logs -
#753624
CVE-2014-4341 in krb5: insufficient validation processing rfc 1964 tokens
Package:
libgssapi-krb5-2;
Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Th ...
Debian Bug report logs -
#755521
CVE-2014-4344 in krb5: NULL dereference in GSSAPI servers
Package:
libgssapi-krb5-2;
Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Mon, 21 Jul 2014 1 ...
Debian Bug report logs -
#753625
CVE-2014-4342 in krb5: insufficient validation processing rfc 1964 tokens
Package:
libgssapi-krb5-2;
Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Th ...
Debian Bug report logs -
#755520
CVE-2014-4343 in krb5: double-free in SPNEGO initiators
Package:
libgssapi-krb5-2;
Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Mon, 21 Jul 2014 17: ...
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request (CVE-2013-1418, CVE-2013-6800)
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEG ...
A buffer over-read flaw was found in the way MIT Kerberos handled certain requests A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application ...
Vulmon