// For flags

CVE-2014-4345

krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)

Severity Score

10.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

Error de superación de límite (off-by-one) en la función krb5_encode_krbsecretkey en plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en el módulo LDAP KDB en kadmind en MIT Kerberos 5 (también conocido como krb5) 1.6.x hasta 1.11.x anterior a 1.11.6 y 1.12.x anterior a 1.12.2 permite a usuarios remotos autenticados causar una denegación de servicio (desbordamiento de buffer) o posiblemente ejecutar código arbitrario a través de una serie de comandos 'cpw -keepold'.

A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind.

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. A buffer overflow was found in the KADM5 administration server when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library call the gss_process_context_token() function could use this flaw to crash that application.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-06-20 CVE Reserved
  • 2014-08-09 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-01-06 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-787: Out-of-bounds Write
CAPEC
References (31)
URL Tag Source
http://advisories.mageia.org/MGASA-2014-0345.html X_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 X_refsource_confirm
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980 X_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1255.html X_refsource_confirm
http://secunia.com/advisories/59102 Third Party Advisory
http://secunia.com/advisories/59415 Third Party Advisory
http://secunia.com/advisories/59993 Third Party Advisory
http://secunia.com/advisories/60535 Third Party Advisory
http://secunia.com/advisories/60776 Third Party Advisory
http://secunia.com/advisories/61314 Third Party Advisory
http://secunia.com/advisories/61353 Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html X_refsource_confirm
http://www.osvdb.org/109908 Vdb Entry
http://www.securityfocus.com/bid/69168 Vdb Entry
http://www.securitytracker.com/id/1030705 Vdb Entry
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/95212 Vdb Entry
https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1 X_refsource_confirm
https://github.com/krb5/krb5/pull/181 X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html 2020-01-21
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html 2020-01-21
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html 2020-01-21
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html 2020-01-21
http://rhn.redhat.com/errata/RHSA-2014-1255.html 2020-01-21
http://rhn.redhat.com/errata/RHSA-2015-0439.html 2020-01-21
http://security.gentoo.org/glsa/glsa-201412-53.xml 2020-01-21
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt 2020-01-21
http://www.debian.org/security/2014/dsa-3000 2020-01-21
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165 2020-01-21
https://bugzilla.redhat.com/show_bug.cgi?id=1128157 2015-03-05
https://access.redhat.com/security/cve/CVE-2014-4345 2015-03-05
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.6
Search vendor "Mit" for product "Kerberos 5" and version "1.6"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.6.1
Search vendor "Mit" for product "Kerberos 5" and version "1.6.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.6.2
Search vendor "Mit" for product "Kerberos 5" and version "1.6.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.7
Search vendor "Mit" for product "Kerberos 5" and version "1.7"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.7.1
Search vendor "Mit" for product "Kerberos 5" and version "1.7.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8
Search vendor "Mit" for product "Kerberos 5" and version "1.8"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.1
Search vendor "Mit" for product "Kerberos 5" and version "1.8.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.2
Search vendor "Mit" for product "Kerberos 5" and version "1.8.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.3
Search vendor "Mit" for product "Kerberos 5" and version "1.8.3"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.4
Search vendor "Mit" for product "Kerberos 5" and version "1.8.4"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.5
Search vendor "Mit" for product "Kerberos 5" and version "1.8.5"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.8.6
Search vendor "Mit" for product "Kerberos 5" and version "1.8.6"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.9
Search vendor "Mit" for product "Kerberos 5" and version "1.9"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.9.1
Search vendor "Mit" for product "Kerberos 5" and version "1.9.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.9.2
Search vendor "Mit" for product "Kerberos 5" and version "1.9.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.9.3
Search vendor "Mit" for product "Kerberos 5" and version "1.9.3"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.9.4
Search vendor "Mit" for product "Kerberos 5" and version "1.9.4"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.10
Search vendor "Mit" for product "Kerberos 5" and version "1.10"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.10.1
Search vendor "Mit" for product "Kerberos 5" and version "1.10.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.10.2
Search vendor "Mit" for product "Kerberos 5" and version "1.10.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.10.3
Search vendor "Mit" for product "Kerberos 5" and version "1.10.3"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.10.4
Search vendor "Mit" for product "Kerberos 5" and version "1.10.4"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.11
Search vendor "Mit" for product "Kerberos 5" and version "1.11"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.11.1
Search vendor "Mit" for product "Kerberos 5" and version "1.11.1"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.11.2
Search vendor "Mit" for product "Kerberos 5" and version "1.11.2"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.11.3
Search vendor "Mit" for product "Kerberos 5" and version "1.11.3"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.11.4
Search vendor "Mit" for product "Kerberos 5" and version "1.11.4"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.11.5
Search vendor "Mit" for product "Kerberos 5" and version "1.11.5"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.12
Search vendor "Mit" for product "Kerberos 5" and version "1.12"
-
Affected
Mit
Search vendor "Mit"
 Kerberos 5
Search vendor "Mit" for product "Kerberos 5"
 1.12.1
Search vendor "Mit" for product "Kerberos 5" and version "1.12.1"
-
Affected