CVE-2014-5352

Current Description

The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.

Evaluator Description

CWE-416: Use After Free

Basic Data

Published: February 19, 2015
Last Modified: January 21, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.0
Severity: HIGH
Exploitability Score: 8.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
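    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Mit | Kerberos 5 | 1.11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.11.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.11.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.11.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.11.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.11.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.12 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.12.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.12.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mit | Kerberos 5 | 1.13 | * | * | * | * | * | * | * | | | | |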

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Mit | Kerberos 5 | 1.11, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.12, 1.12.1, 1.12.2, 1.13 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| FEDORA-2015-2382 | FEDORA | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html | |
| FEDORA-2015-2347 | FEDORA | http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html | |
| SUSE-SU-2015:0257 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html | |
| SUSE-SU-2015:0290 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html | |
| openSUSE-SU-2015:0255 | SUSE | http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html | |
| RHSA-2015:0439 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0439.html | |
| RHSA-2015:0794 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0794.html | |
| http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt | CONFIRM | http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt | |
| http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt | CONFIRM | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt | |
| DSA-3153 | DEBIAN | http://www.debian.org/security/2015/dsa-3153 | |
| MDVSA-2015:069 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2015:069 | |
| 72495 | BID | http://www.securityfocus.com/bid/72495 | |
| USN-2498-1 | UBUNTU | http://www.ubuntu.com/usn/USN-2498-1 | |
| https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a | CONFIRM | https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a | Vendor Advisory |