CVE-2014-4345 – krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
https://notcve.org/view.php?id=CVE-2014-4345
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind.

• http://advisories.mageia.org/MGASA-2014-0345.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
• http://linux.oracle.com/errata/ELSA-2014-1255.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
• http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
• http://lists.opensuse.org/opensuse-updates&

• CWE-189: Numeric Errors
• CWE-787: Out-of-bounds Write

CVE-2014-4342 – krb5: denial of service flaws when handling RFC 1964 tokens
https://notcve.org/view.php?id=CVE-2014-4342
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application.

• http://advisories.mageia.org/MGASA-2014-0345.html
• http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949
• http://rhn.redhat.com/errata/RHSA-2015-0439.html
• http://secunia.com/advisories/59102
• http://secunia.com/advisories/60082
• http://www.debian.org/security/2014/dsa-3000
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
• http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
• http://www.securityfocus.com/bid/68908
• http://www.securitytracker.com/

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-476: NULL Pointer Dereference

CVE-2014-4341 – krb5: denial of service flaws when handling padding length longer than the plaintext
https://notcve.org/view.php?id=CVE-2014-4341
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application.

• http://advisories.mageia.org/MGASA-2014-0345.html
• http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
• http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949
• http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
• http://rhn.redhat.com/errata/RHSA-2015-0439.html
• http://secunia.com/advisories/59102
• http://secunia.com/advisories/60082
• http://secunia.com/advisories/60448
• http://security.gentoo.org/glsa/glsa-201412-53.xml
• http://www.debian

• CWE-125: Out-of-bounds Read

CVE-2013-1417
https://notcve.org/view.php?id=CVE-2013-1417
do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

• http://lists.opensuse.org/opensuse-updates/2013-12/msg00026.html
• http://web.mit.edu/kerberos/krb5-1.11/README-1.11.4.txt
• https://bugzilla.redhat.com/show_bug.cgi?id=1030743
• https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc

• CWE-20: Improper Input Validation

CVE-2013-6800 – krb5: KDC remote DoS (NULL pointer dereference and daemon crash)
https://notcve.org/view.php?id=CVE-2013-6800
An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418.

It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request.

• http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
• http://www.securityfocus.com/bid/63770
• https://github.com/krb5/krb5/commit/c2ccf4197f697c4ff143b8a786acdd875e70a89d
• https://access.redhat.com/security/cve/CVE-2013-6800
• https://bugzilla.redhat.com/show_bug.cgi?id=1031499

• CWE-476: NULL Pointer Dereference