CVE-2014-5353
published 2014-12-16

CVE-2014-5353: The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC…

Priority: P4 (19)
CVSS 2.0: 3.5 (Low), vector AV:N/AC:M/Au:S/C:N/I:N/A:P
EPSS: 4.97% (percentile 91.1)
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

Affected

36 ranges, showing 25

Vendor         | Product                  | Version range                     | Fixed in
canonical      | ubuntu_linux             |                                   |
canonical      | ubuntu_linux             |                                   |
canonical      | ubuntu_linux             |                                   |
canonical      | ubuntu_linux             |                                   |
debian         | debian_linux             |                                   |
debian         | krb5                     | < krb5 1.12.1+dfsg-16 (bookworm)  | krb5 1.12.1+dfsg-16 (bookworm)
fedoraproject  | fedora                   |                                   |
mit            | kerberos_5               | < 1.13.1                          | 1.13.1
mit            | krb5                     | >= 0, < 1.12.1+dfsg-16            | 1.12.1+dfsg-16
mit            | krb5                     | >= 0, < 1.12.1+dfsg-16            | 1.12.1+dfsg-16
mit            | krb5                     | >= 0, < 1.12.1+dfsg-16            | 1.12.1+dfsg-16
mit            | krb5                     | >= 0, < 1.12.1+dfsg-16            | 1.12.1+dfsg-16
mit            | krb5                     | >= 0, < 1.12+dfsg-2ubuntu5.1      | 1.12+dfsg-2ubuntu5.1
opensuse       | opensuse                 |                                   |
opensuse       | opensuse                 |                                   |
oracle         | solaris                  |                                   |
oracle         | solaris                  |                                   |
redhat         | enterprise_linux_desktop |                                   |
redhat         | enterprise_linux_eus     |                                   |
redhat         | enterprise_linux_eus     |                                   |
redhat         | enterprise_linux_eus     |                                   |
redhat         | enterprise_linux_eus     |                                   |
redhat         | enterprise_linux_eus     |                                   |
redhat         | enterprise_linux_eus     |                                   |
redhat         | enterprise_linux_server  |                                   |

CVSS provenance

Source         | Version | Score | Severity | Vector
nvd            | v2.0    | 3.5   | LOW      | AV:N/AC:M/Au:S/C:N/I:N/A:P
osv            |         | 3.5   | LOW      |
vendor_debian  |         | 3.5   | LOW      |
vendor_redhat  |         | 3.5   | LOW      |
vendor_ubuntu  |         | 2.1   | LOW      |