CVE-2012-1014

Related Files

Gentoo Linux Security Advisory 201312-12

Posted Dec 17, 2013

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201312-12 - Multiple vulnerabilities have been discovered in MIT Kerberos 5, allowing execution of arbitrary code or Denial of Service. Versions less than 1.11.4 are affected.

tags | advisory, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2002-2443, CVE-2012-1014, CVE-2012-1015, CVE-2013-1416, CVE-2013-1417, CVE-2013-1418, CVE-2013-6800

MD5 | 4c90974a4cb8f38e9ee36d0c79c13a8f

Download | Favorite | View

Debian Security Advisory 2518-1

Posted Aug 1, 2012

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2518-1 - Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.

tags | advisory, vulnerability, protocol

systems | linux, debian

advisories | CVE-2012-1014, CVE-2012-1015

MD5 | f397bbb4b71f029257a2c149b36d7d69

Download | Favorite | View

MIT krb5 Security Advisory 2012-001

Posted Aug 1, 2012

Site web.mit.edu

MIT krb5 Security Advisory 2012-001 - The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this vulnerability to execute malicious code, but exploiting frees of uninitialized pointers to execute code is believed to be difficult. It is possible that a legitimate client that is misconfigured in an unusual way could trigger this vulnerability. The MIT krb5 KDC daemon can dereference an uninitialized pointer while processing a malformed AS-REQ, causing the daemon to abnormally terminate. This vulnerability could theoretically lead to the execution of malicious code, but that is believed to be very difficult.

tags | advisory

advisories | CVE-2012-1014, CVE-2012-1015

MD5 | de7be8c16a3e725db8572db55ad1b991

Download | Favorite | View

Ubuntu Security Notice USN-1520-1

Posted Jul 31, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1520-1 - Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could free an uninitialized pointer when handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. Emmanuel Bouillon discovered that the MIT krb5 Key Distribution Center (KDC) daemon could dereference an uninitialized pointer while handling a malformed AS-REQ message. A remote unauthenticated attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2012-1015, CVE-2012-1014, CVE-2012-1013, CVE-2012-1012, CVE-2012-1012, CVE-2012-1013, CVE-2012-1014, CVE-2012-1015

MD5 | 785121ba14deb07d09e780a9083a9e38

Download | Favorite | View