CVE-2014-4345

Published: 14/08/2014 | Updated: 21/01/2020
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x up to and including 1.11.x prior to 1.11.6 and 1.12.x prior to 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

Affected Products

Vendor: MIT
Product: Kerberos 5
Versions: 1.6, 1.6.1, 1.6.2, 1.7, 1.7.1, 1.8, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.9, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.10, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.12, 1.12.1

Vendor Advisories

Debian Bug report logs - #755521: CVE-2014-4344 in krb5: NULL dereference in GSSAPI servers. Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5. Reported by: Benjamin Kaduk <kaduk@MIT.EDU>. Date: Mon, 21 Jul 2014 1 ...
Debian Bug report logs - #753624: CVE-2014-4341 in krb5: insufficient validation processing rfc 1964 tokens. Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5. Reported by: Benjamin Kaduk <kaduk@MIT.EDU>. Date: Th ...
Debian Bug report logs - #753625: CVE-2014-4342 in krb5: insufficient validation processing rfc 1964 tokens. Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5. Reported by: Benjamin Kaduk <kaduk@MIT.EDU>. Date: Th ...
Debian Bug report logs - #755520: CVE-2014-4343 in krb5: double-free in SPNEGO initiators. Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5. Reported by: Benjamin Kaduk <kaduk@MIT.EDU>. Date: Mon, 21 Jul 2014 17: ...
Debian Bug report logs - #757416: CVE-2014-4345 in krb5-kdc-ldap: buffer overrun in kadmind. Package: krb5-kdc-ldap; Maintainer for krb5-kdc-ldap is Sam Hartman <hartmans@debian.org>; Source for krb5-kdc-ldap is src:krb5. Reported by: Benjamin Kaduk <kaduk@MIT.EDU>. Date: Thu, 7 Aug 2014 22:39:01 U ...
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-4341: An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash ...
Several security issues were fixed in Kerberos ...
It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request (CVE-2013-1418, CVE-2013-6800). A NULL pointer dereference flaw was found in the MIT Kerberos SPN ...
Oracle Critical Patch Update Advisory - October 2017. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...

References

CWE-189
http://advisories.mageia.org/MGASA-2014-0345.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
http://linux.oracle.com/errata/ELSA-2014-1255.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
http://rhn.redhat.com/errata/RHSA-2014-1255.html
http://rhn.redhat.com/errata/RHSA-2015-0439.html
http://secunia.com/advisories/59102
http://secunia.com/advisories/59415
http://secunia.com/advisories/59993
http://secunia.com/advisories/60535
http://secunia.com/advisories/60776
http://secunia.com/advisories/61314
http://secunia.com/advisories/61353
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
http://www.debian.org/security/2014/dsa-3000
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.osvdb.org/109908
http://www.securityfocus.com/bid/69168
http://www.securitytracker.com/id/1030705
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
https://bugzilla.redhat.com/show_bug.cgi?id=1128157
https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
https://github.com/krb5/krb5/pull/181
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2014-4345
http://tools.cisco.com/security/center/viewAlert.x?alertId=35226
https://nvd.nist.gov
https://usn.ubuntu.com/2310-1/