Vulnerability & Exploit Database

Displaying entries 1 - 10 of 20 in total

Results for: CVE-2014-4343 Back to search

RHSA-2015:0439: krb5 security, bug fix and enhancement update Vulnerability

  • Severity: 9
  • Published: February 19, 2015

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptorfor continuation tokens. A remote, unauthenticated attacker could use this flawto crash a GSSAPI-enabled server application. (CVE-2014-4344)A buffer overflow was found in the KADM5 administration server (kadmind) when itwas used with an LDAP back end for the KDC...

ELSA-2015-0439 Moderate: Oracle Linux krb5 security, bug fix and enhancement update Vulnerability

  • Severity: 9
  • Published: February 19, 2015

The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or po...

USN-2310-1: Kerberos vulnerabilities Vulnerability

  • Severity: 9
  • Published: August 14, 2014

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitra...

RHSA-2014:1389: krb5 security and bug fix update Vulnerability

  • Severity: 9
  • Published: August 14, 2014

Kerberos is a networked authentication system which allows clients andservers to authenticate to each other with the help of a trusted thirdparty, the Kerberos KDC.It was found that if a KDC served multiple realms, certain requests couldcause the setup_server_realm() function to dereference a NULL pointer.A remote, unauthenticated attack...

ELSA-2014-1389 Moderate: Oracle Linux krb5 security and bug fix update Vulnerability

  • Severity: 9
  • Published: August 14, 2014

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitra...

Gentoo Linux: CVE-2014-4343: MIT Kerberos 5: User-assisted execution of arbitrary code Vulnerability

  • Severity: 8
  • Published: August 14, 2014

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from a...

F5 Networks: K15553 (CVE-2014-4343): Kerberos vulnerability CVE-2014-4343 Vulnerability

  • Severity: 8
  • Published: August 14, 2014

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from a...

Amazon Linux AMI: Security patch for krb5 (ALAS-2014-443) (multiple CVEs) Vulnerability

  • Severity: 9
  • Published: August 14, 2014

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitra...

AIX NAS double-free in SPNEGO -AIX 7.1 Vulnerability

  • Severity: 8
  • Published: August 14, 2014

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from a...

AIX 7.1 - nas_advisory1 : AIX_NAS_doublefree_in_SPNEGO (APAR N/A) Vulnerability

  • Severity: 8
  • Published: August 14, 2014

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from a...