Showing 1 - 3 of 3

CVE-2014-5355

Status Candidate

Overview

MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.

Related Files

Red Hat Security Advisory 2015-2154-07: Posted Nov 20, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-2154-07 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.; tags | advisory, remote; systems | linux, redhat; advisories | CVE-2014-5355, CVE-2015-2694; SHA-256 | 5ad980f4c68fede003281d3f75b3cf69921e4939654d38992cb7f8254c273b7d; Download | Favorite | View

Ubuntu Security Notice USN-2810-1: Posted Nov 12, 2015; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 2810-1 - It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.; tags | advisory, remote, denial of service, udp; systems | linux, ubuntu; advisories | CVE-2002-2443, CVE-2014-5355, CVE-2015-2694, CVE-2015-2695, CVE-2015-2696, CVE-2015-2697, CVE-2015-2698; SHA-256 | 54cd41e88f3b572fc0172f18b2a69d4bc309121aab39e9d9df3fcb5f00087252; Download | Favorite | View

Red Hat Security Advisory 2015-0794-01: Posted Apr 9, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-0794-01 - Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. The following security issues are fixed with this release: A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library could call the gss_process_context_token() function and use this flaw to crash that application.; tags | advisory; systems | linux, redhat; advisories | CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, CVE-2014-9422; SHA-256 | 092ae20195bf4a7732cc962288fb80eeebadd65456efb91c9af412787b3822e3; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 227 files
Ubuntu 60 files
LiquidWorm 24 files
Debian 17 files
indoushka 15 files
Apple 9 files
Google Security Research 6 files
Gentoo 5 files
Chokri Hammedi 3 files
Jann Horn 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2014-5355

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems