Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-9422HistoryFeb 19, 2015 - 11:59 a.m.
CVE-2014-9422
2015-02-1911:59:00
Debian Security Bug Tracker
security-tracker.debian.org
11
6.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:P/I:P/A:C
0.008 Low
EPSS
Percentile
81.6%
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial “kadmind” substring, as demonstrated by a “ka/x” principal.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | krb5 | < 1.12.1+dfsg-17 | krb5_1.12.1+dfsg-17_all.deb |
| Debian | 11 | all | krb5 | < 1.12.1+dfsg-17 | krb5_1.12.1+dfsg-17_all.deb |
| Debian | 10 | all | krb5 | < 1.12.1+dfsg-17 | krb5_1.12.1+dfsg-17_all.deb |
| Debian | 999 | all | krb5 | < 1.12.1+dfsg-17 | krb5_1.12.1+dfsg-17_all.deb |
| Debian | 13 | all | krb5 | < 1.12.1+dfsg-17 | krb5_1.12.1+dfsg-17_all.deb |
Related
f5
f5
K16442 : MIT Kerberos 5 vulnerability CVE-2014-9422
2015-04-15 00:00:00
SOL16442 - MIT Kerberos 5 vulnerability CVE-2014-9422
2015-04-15 00:00:00
prion
prion
Authorization
2015-02-19 11:59:00
ubuntucve
ubuntucve
CVE-2014-9422
2015-02-03 00:00:00
cve
cve
CVE-2014-9422
2015-02-19 11:59:00
veracode
veracode
Privilege Escalation
2019-05-02 05:13:02
Arbitrary Code Execution
2019-05-02 05:13:02
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.13-alt3
2015-02-08 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.13-alt3
2015-02-08 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13-alt3
2015-02-08 00:00:00
debian
debian
[SECURITY] [DSA 3153-1] krb5 security update
2015-02-03 20:50:06
[SECURITY] [DLA 146-1] krb5 security update
2015-02-07 10:52:32
freebsd
freebsd
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
2015-02-03 00:00:00
krb5 1.12 -- New release/fix multiple vulnerabilities
2015-02-20 00:00:00
krb5 1.11 -- New release/fix multiple vulnerabilities
2015-02-25 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0257-1)
2021-06-09 00:00:00
SUSE: Security Advisory for krb5 (SUSE-SU-2015:0257-1)
2015-10-13 00:00:00
Debian Security Advisory DSA 3153-1 (krb5 - security update)
2015-02-03 00:00:00
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2015-02-15 18:57:20
securityvulns
securityvulns
MIT Kerberos 5 multiple security vulnerabilities
2015-02-11 00:00:00
osv
osv
krb5 - security update
2015-02-03 00:00:00
krb5 - security update
2015-02-07 00:00:00
nessus
nessus
Debian DLA-146-1 : krb5 security update
2015-03-26 00:00:00
SuSE 11.3 Security Update : krb5 (SAT Patch Number 10282)
2015-02-12 00:00:00
Debian DSA-3153-1 : krb5 - security update
2015-02-04 00:00:00
suse
suse
Security update for krb5 (important)
2015-02-11 18:08:30
Security update for krb5 (important)
2015-02-16 14:05:49
Security update for krb5 (important)
2015-02-16 15:04:57
ibm
ibm
aix
aix
Multiple Security vulnerabilities in IBM NAS(kerberos)
2015-05-21 05:06:05
redhat
redhat
(RHSA-2015:0794) Moderate: krb5 security update
2015-04-09 00:00:00
(RHSA-2015:0439) Moderate: krb5 security, bug fix and enhancement update
2015-03-05 00:00:00
oraclelinux
oraclelinux
krb5 security update
2015-04-09 00:00:00
krb5 security, bug fix and enhancement update
2015-03-11 00:00:00
centos
centos
krb5 security update
2015-04-09 11:47:52
krb5 security update
2015-03-17 13:28:30
amazon
amazon
Medium: krb5
2015-05-05 15:44:00
fedora
fedora
[SECURITY] Fedora 21 Update: krb5-1.12.2-14.fc21
2015-03-12 16:33:54
[SECURITY] Fedora 21 Update: krb5-1.12.2-17.fc21
2015-06-21 00:28:50
[SECURITY] Fedora 20 Update: krb5-1.11.5-18.fc20
2015-03-09 08:18:34
archlinux
archlinux
krb5: multiple issues
2015-02-17 00:00:00
ubuntu
ubuntu
Kerberos vulnerabilities
2015-02-10 00:00:00
6.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:P/I:P/A:C
0.008 Low
EPSS
Percentile
81.6%
Related for DEBIANCVE:CVE-2014-9422