CVE-2014-5351
Published 2014-10-10
Priority: P4 · 16 · low
CVSS 2.0: 2.1 (AV:N/AC:H/Au:S/C:P/I:N/A:N)
EPSS: 2.62% (83.5th percentile)
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.12.1+dfsg-10 (bookworm) | krb5 1.12.1+dfsg-10 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.12.1+dfsg-10 | 1.12.1+dfsg-10 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-10 | 1.12.1+dfsg-10 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-10 | 1.12.1+dfsg-10 |
| mit | krb5 | >= 0 < 1.12.1+dfsg-10 | 1.12.1+dfsg-10 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.1 | 1.12+dfsg-2ubuntu5.1 |
CVSS provenance
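| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:N/AC:H/Au:S/C:P/I:N/A:N |
| osv | | 2.1 | LOW | |
| vendor_debian | | 2.1 | LOW | |
| vendor_redhat | | 2.1 | LOW | |
| vendor_ubuntu | | 2.1 | LOW | |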
GHSA
GHSA-j87f-3fmr-m923: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal
ghsa_unreviewed·2022-05-13
CVE-2014-5351 [LOW] GHSA-j87f-3fmr-m923: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
OSV
krb5 vulnerabilities
osv·2015-02-10·CVSS 2.1
CVE-2014-5351 [LOW] krb5 vulnerabilities
It was discovered that Kerberos incorrectly sent old keys in response to a
-randkey -keepold request. An authenticated remote attacker could use this
issue to forge tickets by leveraging administrative access. This issue
only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-5351)
It was discovered that the libgssapi_krb5 library incorrectly processed
security context handles. A remote attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. (CVE-2014-5352)
Patrik Kis discovered that Kerberos incorrectly handled LDAP queries with
no results. An authenticated remote attacker could use this issue to cause
the KDC to crash, resulting in a denial of service. (CVE-2014-5353)
It was discovered that Kerberos
OSV
CVE-2014-5351: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal
osv·2014-10-10·CVSS 2.1
CVE-2014-5351 [LOW] CVE-2014-5351: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2015-02-10·CVSS 2.1
CVE-2014-5351 [LOW] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that Kerberos incorrectly sent old keys in response to a
-randkey -keepold request. An authenticated remote attacker could use this
issue to forge tickets by leveraging administrative access. This issue
only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-5351)
It was discovered that the libgssapi_krb5 library incorrectly processed
security context handles. A remote attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. (CVE-2014-5352)
Patrik Kis discovered that Kerberos incorrectly handled LDAP queries with
no results. An authenticated remote attacker could use this issue to cause
the KDC to crash, resulting in
Red Hat
krb5: current keys returned when randomizing the keys for a service principal
vendor_redhat·2014-08-21·CVSS 2.1
CVE-2014-5351 [LOW] CWE-200 krb5: current keys returned when randomizing the keys for a service principal
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: krb5 (Red Hat Enterprise Linux 5) - Will not fix
Package: krb5 (Red Hat Enterprise Linux 6) - Will not fix
Package: krb5 (Red Hat Ent
Debian
CVE-2014-5351: krb5 - The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmi...
vendor_debian·2014·CVSS 2.1
CVE-2014-5351 [LOW] CVE-2014-5351: krb5 - The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmi...
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
Scope: local
bookworm: resolved (fixed in 1.12.1+dfsg-10)
bullseye: resolved (fixed in 1.12.1+dfsg-10)
forky: resolved (fixed in 1.12.1+dfsg-10)
sid: resolved (fixed in 1.12.1+dfsg-10)
trixie: resolved (fixed in 1.12.1+dfsg-10)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-5352 CVE-2014-9421 CVE-2014-9423 CVE-2014-9422 krb5: various flaws [fedora-all]
bugzilla·2015-02-03·CVSS 9.0
CVE-2014-5352 [CRITICAL] CVE-2014-5352 CVE-2014-9421 CVE-2014-9423 CVE-2014-9422 krb5: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported v
Bugzilla
CVE-2014-5351 krb5: current keys returned when randomizing the keys for a service principal
bugzilla·2014-09-23·CVSS 2.1
CVE-2014-5351 [LOW] CVE-2014-5351 krb5: current keys returned when randomizing the keys for a service principal
It was reported that if a privileged user randomized the keys for a service principal, the old key would be returned to them. This could lead to ticket forgery attacks on the service in question.
This issue has been fixed in upstream version 1.13. Red Hat Enterprise Linux 6 and 7 are affected.
Full details from the upstream report:
""
An authenticated remote attacker can retrieve the current keys for a
service principal when generating a new set of keys for that
principal. The attacker needs to be authenticated as a user who has
the elevated privilege for randomizing the keys of other principals.
Normally, when a Kerberos administrator randomizes the keys of a
service principal, kadmind returns
Bugzilla
CVE-2014-5351 krb5: current keys returned when randomizing the keys for a service principal [fedora-all]
bugzilla·2014-09-23·CVSS 2.1
CVE-2014-5351 [LOW] CVE-2014-5351 krb5: current keys returned when randomizing the keys for a service principal [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mult
References
http://advisories.mageia.org/MGASA-2014-0477.html
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2014:224
http://www.securityfocus.com/bid/70380
http://www.securitytracker.com/id/1031003
http://www.ubuntu.com/usn/USN-2498-1
https://bugzilla.redhat.com/show_bug.cgi?id=1145425
https://exchange.xforce.ibmcloud.com/vulnerabilities/97028
https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html