CVE-2014-4342

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

References

http://advisories.mageia.org/MGASA-2014-0345.html

http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949

http://rhn.redhat.com/errata/RHSA-2015-0439.html

http://secunia.com/advisories/59102

http://secunia.com/advisories/60082

http://www.debian.org/security/2014/dsa-3000

http://www.mandriva.com/security/advisories?name=MDVSA-2014:165

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.securityfocus.com/bid/68908

http://www.securitytracker.com/id/1030706

https://exchange.xforce.ibmcloud.com/vulnerabilities/94903

https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73

Details

Source: MITRE

Published: 2014-07-20

Updated: 2020-01-21

Type: CWE-119

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mit:kerberos:5-1.8:alpha1:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos:5-1.10.5:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos:5-1.10.6:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos:5-1.10.7:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.7:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.5:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.8.6:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.9.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.10.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*

cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (18 total)

IDNameProductFamilySeverity
82255Scientific Linux Security Update : krb5 on SL7.x x86_64 (20150305)NessusScientific Linux Local Security Checks
high
82185Debian DLA-37-1 : krb5 security updateNessusDebian Local Security Checks
high
81896CentOS 7 : krb5 (CESA-2015:0439)NessusCentOS Local Security Checks
high
81805Oracle Linux 7 : krb5 (ELSA-2015-0439)NessusOracle Linux Local Security Checks
high
81637RHEL 7 : krb5 (RHSA-2015:0439)NessusRed Hat Local Security Checks
high
80656Oracle Solaris Third-Party Patch Update : kerberos (multiple_buffer_errors_vulnerabilities_in4)NessusSolaris Local Security Checks
medium
79549OracleVM 3.3 : krb5 (OVMSA-2014-0034)NessusOracleVM Local Security Checks
high
79292Amazon Linux AMI : krb5 (ALAS-2014-443)NessusAmazon Linux Local Security Checks
high
79178CentOS 6 : krb5 (CESA-2014:1389)NessusCentOS Local Security Checks
high
78846Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20141014)NessusScientific Linux Local Security Checks
high
78523Oracle Linux 6 : krb5 (ELSA-2014-1389)NessusOracle Linux Local Security Checks
high
78406RHEL 6 : krb5 (RHSA-2014:1389)NessusRed Hat Local Security Checks
high
78192F5 Networks BIG-IP : MIT Kerberos 5 vulnerability (K15547)NessusF5 Networks Local Security Checks
medium
77644Mandriva Linux Security Advisory : krb5 (MDVSA-2014:165)NessusMandriva Local Security Checks
high
77147Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : krb5 vulnerabilities (USN-2310-1)NessusUbuntu Local Security Checks
high
77145SuSE 11.3 Security Update : krb5 (SAT Patch Number 9564)NessusSuSE Local Security Checks
high
77130openSUSE Security Update : krb5 (openSUSE-SU-2014:0977-1)NessusSuSE Local Security Checks
high
77101Debian DSA-3000-1 : krb5 - security updateNessusDebian Local Security Checks
high