Several security issues were fixed in Kerberos ...
Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2014-4341
An unauthenticated remote attacker with the ability to inject
packets into a legitimately established GSSAPI application session
can cause a program crash ...
Debian Bug report logs -
#757416
CVE-2014-4345 in krb5-kdc-ldap: buffer overrun in kadmind
Package:
krb5-kdc-ldap;
Maintainer for krb5-kdc-ldap is Sam Hartman <hartmans@debianorg>; Source for krb5-kdc-ldap is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Thu, 7 Aug 2014 22:39:01 U ...
Debian Bug report logs -
#753624
CVE-2014-4341 in krb5: insufficient validation processing rfc 1964 tokens
Package:
libgssapi-krb5-2;
Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Th ...
Debian Bug report logs -
#755521
CVE-2014-4344 in krb5: NULL dereference in GSSAPI servers
Package:
libgssapi-krb5-2;
Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Mon, 21 Jul 2014 1 ...
Debian Bug report logs -
#753625
CVE-2014-4342 in krb5: insufficient validation processing rfc 1964 tokens
Package:
libgssapi-krb5-2;
Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Th ...
Debian Bug report logs -
#755520
CVE-2014-4343 in krb5: double-free in SPNEGO initiators
Package:
libgssapi-krb5-2;
Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon)
Reported by: Benjamin Kaduk <kaduk@MITEDU>
Date: Mon, 21 Jul 2014 17: ...
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request (CVE-2013-1418, CVE-2013-6800)
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEG ...
A double-free flaw was found in the MIT Kerberos SPNEGO initiators An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos ...