Rapid7 Vulnerability & Exploit Database

RHSA-2015:0794: krb5 security update




Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC.

The following security issues are fixed with this release:

A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352)

If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353)

It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request. (CVE-2014-5355)

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, via specially crafted XDR packets. (CVE-2014-9421)

It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)

Red Hat would like to thank the MIT Kerberos project for reporting CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project acknowledges Nico Williams for assisting with the analysis of CVE-2014-5352.

All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.


  • redhat-upgrade-krb5-debuginfo
  • redhat-upgrade-krb5-devel
  • redhat-upgrade-krb5-libs
  • redhat-upgrade-krb5-pkinit-openssl
  • redhat-upgrade-krb5-server
  • redhat-upgrade-krb5-server-ldap
  • redhat-upgrade-krb5-workstation
