CVE-2014-5354
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c en MIT Kerberos 5 (también conocido como krb5) 1.12.x y 1.13.x anterior a 1.13.1, cuando el KDC utiliza LDAP, permite a usuarios remotos autenticados causar una denegación de servicio (referencia a puntero nulo y caída del demonio) mediante la creación de una entrada de la base de datos para un principal sin clave, tal y como fur demostrado por un comando kadmin 'add_principal -nokey' o 'purgekeys -all'.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-08-19 CVE Reserved
- 2014-12-16 CVE Published
- 2024-01-10 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/71680 | Vdb Entry | |
| http://www.securitytracker.com/id/1031376 | Vdb Entry | |
| https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html | 2020-01-21 | |
| http://www.ubuntu.com/usn/USN-2498-1 | 2020-01-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mit Search vendor "Mit" | Kerberos Search vendor "Mit" for product "Kerberos" | 5_1.13 Search vendor "Mit" for product "Kerberos" and version "5_1.13" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.12 Search vendor "Mit" for product "Kerberos 5" and version "1.12" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.12.1 Search vendor "Mit" for product "Kerberos 5" and version "1.12.1" | - |
Affected
| ||||||
| Mit Search vendor "Mit" | Kerberos 5 Search vendor "Mit" for product "Kerberos 5" | 1.12.2 Search vendor "Mit" for product "Kerberos 5" and version "1.12.2" | - |
Affected
| ||||||