CVE-2014-5352

Published: 19/02/2015 Updated: 21/01/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) up to and including 1.11.5, 1.12.x up to and including 1.12.2, and 1.13.x prior to 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.

Vulnerable Product

mit kerberos 5 1.11.2

mit kerberos 5 1.11.3

mit kerberos 5 1.11

mit kerberos 5 1.11.1

mit kerberos 5 1.13

mit kerberos 5 1.12.1

mit kerberos 5 1.12.2

mit kerberos 5 1.11.4

mit kerberos 5 1.11.5

mit kerberos 5 1.12

Vendor Advisories

Several security issues were fixed in Kerberos ...
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) could call the gss_process_context_token() function and use this flaw to crash that application (CVE-2014-5352). If kadmind were used with an LDAP b ...
A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application ...