Lucene search

K

Gentoo FoundationMGASA-2014-0536

HistoryDec 19, 2014 - 6:06 p.m.

Updated krb5 packages fix CVE-2014-5353

2014-12-1918:06:35

Gentoo Foundation

advisories.mageia.org

11

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.5%

Updated krb5 packages fix security vulnerability: In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to be authenticated as a user who has the elevated privilege for setting password policy by adding or modifying principals (CVE-2014-5353).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchkrb5< 1.11.4-1.3krb5-1.11.4-1.3.mga4

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226

bugs.mageia.org/show_bug.cgi?id=14816

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.5%

Related for MGASA-2014-0536

securityvulns2 nessus22 openvas15 ubuntucve1 fedora4 cve1 prion1 debiancve1 veracode2 altlinux3 freebsd3 oraclelinux2 amazon1 centos2 ibm5 redhat2 debian1 osv1 archlinux1 ubuntu1