Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mageiaGentoo FoundationMGASA-2014-0477
HistoryNov 21, 2014 - 3:44 p.m.

Updated krb5 packages fix security vulnerability

2014-11-2115:44:16
Gentoo Foundation
advisories.mageia.org
10

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

66.0%

JSON

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access (CVE-2014-5351).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchkrb5< 1.11.1-1.5krb5-1.11.1-1.5.mga3
Mageia4noarchkrb5< 1.11.4-1.2krb5-1.11.4-1.2.mga4

Related

prion 1
securityvulns 2
aix 1
ubuntucve 1
altlinux 3
openvas 10
fedora 2
nessus 11
debiancve 1
cve 1
gentoo 1
suse 2
osv 1
debian 1
ubuntu 1
prion
prion
Cross site request forgery (csrf)
2014-10-10 01:55:00
securityvulns
securityvulns
MIT krb5 privilege escalation
2014-11-24 00:00:00
[ MDVSA-2014:224 ] krb5
2014-11-24 00:00:00
aix
aix
AIX NAS vulnerability
2015-01-20 04:42:45
ubuntucve
ubuntucve
CVE-2014-5351
2014-10-09 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package krb5 version 1.13-alt1
2014-10-31 00:00:00
Security fix for the ALT Linux 8 package krb5 version 1.13-alt1
2014-10-31 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.13-alt1
2014-10-31 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0477)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1410-1)
2021-06-09 00:00:00
Gentoo Security Advisory GLSA 201412-53
2015-09-29 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: krb5-1.12.2-9.fc21
2014-10-08 19:01:55
[SECURITY] Fedora 20 Update: krb5-1.11.5-18.fc20
2015-03-09 08:18:34
nessus
nessus
Fedora 21 : krb5-1.12.2-9.fc21 (2014-11940)
2014-10-09 00:00:00
AIX NAS Advisory : nas_advisory2.asc
2015-01-27 00:00:00
Mandriva Linux Security Advisory : krb5 (MDVSA-2014:224)
2014-11-23 00:00:00
debiancve
debiancve
CVE-2014-5351
2014-10-10 01:55:00
cve
cve
CVE-2014-5351
2014-10-10 01:55:00
gentoo
gentoo
MIT Kerberos 5: User-assisted execution of arbitrary code
2014-12-31 00:00:00
suse
suse
Security update for krb5 (important)
2015-02-16 14:05:49
Security update for krb5 (important)
2015-02-16 15:04:57
osv
osv
krb5 - security update
2018-01-31 00:00:00
debian
debian
[SECURITY] [DLA 1265-1] krb5 security update
2018-01-31 17:06:55
ubuntu
ubuntu
Kerberos vulnerabilities
2015-02-10 00:00:00

2.1 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

66.0%

JSON
Related for MGASA-2014-0477
prion1securityvulns2aix1ubuntucve1altlinux3openvas10fedora2nessus11debiancve1cve1gentoo1suse2osv1debian1ubuntu1