CVE-2014-5354


General

Score: 3.5/10.0
Severity: Low
Category: N/A
Exploit: Available

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: Single

Related vulnerabilities

CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345, CVE-2014-5351, CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423, CVE-2015-2694

Published on 17/12/14 - Updated on 03/01/17

Description

plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability Database: CVE-2014-5354
Arch Linux: ASA-201502-12
Oracle Linux: ELSA-2015-0439
SUSE: SUSE-SU-2015:1276, SUSE-SU-2015:1282
Ubuntu: USN-2498-1

Exploits

SecurityFocus: BID-71680

Related technologies

Vendor: mit
Product: kerberos
