what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2014-5351

Status Candidate

Overview

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

Related Files

Ubuntu Security Notice USN-2498-1
Posted Feb 11, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2498-1 - It was discovered that Kerberos incorrectly sent old keys in response to a -randkey -keepold request. An authenticated remote attacker could use this issue to forge tickets by leveraging administrative access. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the libgssapi_krb5 library incorrectly processed security context handles. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-5351, CVE-2014-5352, CVE-2014-5353, CVE-2014-5354, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
SHA-256 | 14cf04451fcc79abacd9b37fd5284879a17bc1bb703511b11b1aa1544e5c6ec3
Gentoo Linux Security Advisory 201412-53
Posted Dec 31, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-53 - A vulnerability has been found in MIT Kerberos 5, possibly resulting in arbitrary code execution or a Denial of Service condition. Versions less than 1.13 are affected.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2014-4341, CVE-2014-4343, CVE-2014-4345, CVE-2014-5351
SHA-256 | 5cde42d374ab870f36dc359940e34aa0c1990a9800b99bca9fe88696b4e98ae5
Mandriva Linux Security Advisory 2014-224
Posted Nov 21, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-224 - The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2014-5351
SHA-256 | 44e0fd2f76775f8cdc8e4d5fe78161fa0d40493711469db9916abe892af3d940
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close