CVE-2014-4343
krb5: double-free flaw in SPNEGO initiators
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
Vulnerabilidad de doble liberación en la función init_ctx_reselect en el iniciador SPNEGO en lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (también conocido como krb5) 1.10.x hasta 1.12.x anterior a 1.12.2 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través de trafico de la red que parece venir de un aceptador intencionado, pero especifica un mecanismo de seguridad diferente al propuesto por el iniciador.
A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos.
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library call the gss_process_context_token() function could use this flaw to crash that application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-06-20 CVE Reserved
- 2014-08-11 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-415: Double Free
- CWE-416: Use After Free
CAPEC
References (19)
| URL | Tag | Source |
|---|---|---|
| http://advisories.mageia.org/MGASA-2014-0345.html | X_refsource_confirm | |
| http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc | X_refsource_confirm | |
| http://krbdev.mit.edu/rt/Ticket/Display.html?id=7969 | Issue Tracking | |
| http://secunia.com/advisories/59102 | Third Party Advisory | |
| http://secunia.com/advisories/60082 | Third Party Advisory | |
| http://secunia.com/advisories/60448 | Third Party Advisory | |
| http://secunia.com/advisories/61052 | Third Party Advisory | |
| http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15553.html | X_refsource_confirm | |
| http://www.osvdb.org/109390 | Vdb Entry | |
| http://www.securityfocus.com/bid/69159 | Vdb Entry | |
| http://www.securitytracker.com/id/1030706 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95211 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f | 2020-01-21 |
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html | 2020-01-21 | |
| http://rhn.redhat.com/errata/RHSA-2015-0439.html | 2020-01-21 | |
| http://security.gentoo.org/glsa/glsa-201412-53.xml | 2020-01-21 | |
| http://www.debian.org/security/2014/dsa-3000 | 2020-01-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1121876 | 2015-03-05 | |
| https://access.redhat.com/security/cve/CVE-2014-4343 | 2015-03-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.10 Search vendor "Mit" for product "Kerberos 5" and version "1.10" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.10.1 Search vendor "Mit" for product "Kerberos 5" and version "1.10.1" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.10.2 Search vendor "Mit" for product "Kerberos 5" and version "1.10.2" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.10.3 Search vendor "Mit" for product "Kerberos 5" and version "1.10.3" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.10.4 Search vendor "Mit" for product "Kerberos 5" and version "1.10.4" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.11 Search vendor "Mit" for product "Kerberos 5" and version "1.11" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.11.1 Search vendor "Mit" for product "Kerberos 5" and version "1.11.1" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.11.2 Search vendor "Mit" for product "Kerberos 5" and version "1.11.2" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.11.3 Search vendor "Mit" for product "Kerberos 5" and version "1.11.3" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.11.4 Search vendor "Mit" for product "Kerberos 5" and version "1.11.4" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.11.5 Search vendor "Mit" for product "Kerberos 5" and version "1.11.5" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.12 Search vendor "Mit" for product "Kerberos 5" and version "1.12" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.12.1 Search vendor "Mit" for product "Kerberos 5" and version "1.12.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Hpc Node Search vendor "Redhat" for product "Enterprise Linux Hpc Node" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Hpc Node" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||