9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.157 Low
EPSS
Percentile
95.9%
The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6:
Handle certain invalid RFC 1964 GSS tokens correctly to avoid
invalid memory reference vulnerabilities. [CVE-2014-4341
Fix memory management vulnerabilities in GSSAPI SPNEGO.
[CVE-2014-4343 CVE-2014-4344]
Fix buffer overflow vulnerability in LDAP KDB back end.
[CVE-2014-4345]
Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354 CVE-2014-5353]
Fix multiple kadmind vulnerabilities, some of which are based
in the gssrpc library. [CVE-2014-5352 CVE-2014-9421
CVE-2014-9422 CVE-2014-9423]