what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2014-4343

Status Candidate

Overview

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.

Related Files

Red Hat Security Advisory 2015-0439-01
Posted Mar 5, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0439-01 - A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library call the gss_process_context_token() function could use this flaw to crash that application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345, CVE-2014-5352, CVE-2014-5353, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
MD5 | d85825377d22e6afe2ccf2cd0c784eca
Gentoo Linux Security Advisory 201412-53
Posted Dec 31, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-53 - A vulnerability has been found in MIT Kerberos 5, possibly resulting in arbitrary code execution or a Denial of Service condition. Versions less than 1.13 are affected.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, gentoo
advisories | CVE-2014-4341, CVE-2014-4343, CVE-2014-4345, CVE-2014-5351
MD5 | 3fe9fa1f2ae51fe3eb986c38fc408d4e
Red Hat Security Advisory 2014-1389-02
Posted Oct 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1389-02 - Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345
MD5 | 3399c0ccb4db1693911705316418e134
Ubuntu Security Notice USN-2310-1
Posted Aug 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2310-1 - It was discovered that Kerberos incorrectly handled certain crafted Draft 9 requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled certain malformed KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this issue to cause the daemon to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-1016, CVE-2013-1415, CVE-2013-1416, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345
MD5 | b34822d7ac81fe31a5839b4efb895fa8
Debian Security Advisory 3000-1
Posted Aug 11, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3000-1 - Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345
MD5 | e56a2c4abed937a19a110da6304ba0a2
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close