CVE-2014-5355
published 2015-02-20
Priority: P4 · 27 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 4.59% (90.5th percentile)
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
Affected
65 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.12.1+dfsg-18 (bookworm) | krb5 1.12.1+dfsg-18 (bookworm) |
| mit | kerberos_5 | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 5.0 MEDIUM
vendor_debian · 5.0 MEDIUM
vendor_redhat · 5.0 MEDIUM
vendor_ubuntu · 5.0 MEDIUM
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2015-11-12·CVSS 5.0
CVE-2002-2443 [MEDIUM] Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that the Kerberos kpasswd service incorrectly handled
certain UDP packets. A remote attacker could possibly use this issue to
cause resource consumption, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
It was discovered that Kerberos incorrectly handled null bytes in certain
data fields. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-5355)
It was discovered that the Kerberos kdcpreauth modules incorrectly tracked
certain client requests. A remote attacker could possibly use this issue
to bypass intended preauthentication requirements
Red Hat
krb5: unauthenticated denial of service in recvauth_common() and others
vendor_redhat·2014-12-09·CVSS 5.0
CVE-2014-5355 [MEDIUM] CWE-476 krb5: unauthenticated denial of service in recvauth_common() and others
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.
Package: krb5 (Red Hat Enterprise
Debian
CVE-2014-5355: krb5 - MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_me...
vendor_debian·2014·CVSS 5.0
CVE-2014-5355 [MEDIUM] CVE-2014-5355: krb5 - MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_me...
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
Scope: local
bookworm: resolved (fixed in 1.12.1+dfsg-18)
bullseye: resolved (fixed in 1.12.1+dfsg-18)
forky: resolved (fixed in 1.12.1+dfsg-18)
sid: resolved (fixed in 1.12.1+dfsg-18)
trixie: resolved (fixed in 1.12.1+dfsg-18)
GHSA
GHSA-cmh6-3x5j-qf2g: MIT Kerberos 5 (aka krb5) through 1
ghsa_unreviewed·2022-05-13
CVE-2014-5355 [MEDIUM] GHSA-cmh6-3x5j-qf2g: MIT Kerberos 5 (aka krb5) through 1
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
OSV
krb5 vulnerabilities
osv·2015-11-12·CVSS 5.0
CVE-2002-2443 [MEDIUM] krb5 vulnerabilities
It was discovered that the Kerberos kpasswd service incorrectly handled
certain UDP packets. A remote attacker could possibly use this issue to
cause resource consumption, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
It was discovered that Kerberos incorrectly handled null bytes in certain
data fields. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-5355)
It was discovered that the Kerberos kdcpreauth modules incorrectly tracked
certain client requests. A remote attacker could possibly use this issue
to bypass intended preauthentication requirements. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-20
OSV
CVE-2014-5355: MIT Kerberos 5 (aka krb5) through 1
osv·2015-02-20·CVSS 5.0
CVE-2014-5355 [MEDIUM] CVE-2014-5355: MIT Kerberos 5 (aka krb5) through 1
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and others [fedora-all]
bugzilla·2015-03-11·CVSS 5.0
CVE-2014-5355 [MEDIUM] CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and others [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple s
Bugzilla
CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and others
bugzilla·2015-02-18·CVSS 5.0
CVE-2014-5355 [MEDIUM] CVE-2014-5355 krb5: unauthenticated denial of service in recvauth_common() and others
From upstream commit [1]:
"""
In MIT krb5, when a server process uses the krb5_recvauth function, an
unauthenticated remote attacker can cause a NULL dereference by
sending a zero-byte version string, or a read beyond the end of
allocated storage by sending a non-null-terminated version string.
The example user-to-user server application (uuserver) is similarly
vulnerable to a zero-length or non-null-terminated principal name
string.
The krb5_recvauth function reads two version strings from the client
using krb5_read_message(), which produces a krb5_data structure
containing a length and a pointer to an octet sequence. krb5_recvauth
assumes that the data pointer is a valid C string and passes it to
strc
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8050
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
http://rhn.redhat.com/errata/RHSA-2015-0794.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74042
http://www.ubuntu.com/usn/USN-2810-1
https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
Published: 2015-02-20