Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2310-1
HistoryAug 11, 2014 - 12:00 a.m.

Kerberos vulnerabilities

2014-08-1100:00:00
ubuntu.com
40

8.7 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.4%

JSON

Releases

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04
  • Ubuntu 10.04

Packages

  • krb5 - MIT Kerberos Network Authentication Protocol

Details

It was discovered that Kerberos incorrectly handled certain crafted Draft 9
requests. A remote attacker could use this issue to cause the daemon to
crash, resulting in a denial of service. This issue only affected Ubuntu
12.04 LTS. (CVE-2012-1016)

It was discovered that Kerberos incorrectly handled certain malformed
KRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this
issue to cause the daemon to crash, resulting in a denial of service. This
issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)

It was discovered that Kerberos incorrectly handled certain crafted TGS-REQ
requests. A remote authenticated attacker could use this issue to cause the
daemon to crash, resulting in a denial of service. This issue only affected
Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1416)

It was discovered that Kerberos incorrectly handled certain crafted
requests when multiple realms were configured. A remote attacker could use
this issue to cause the daemon to crash, resulting in a denial of service.
This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-1418, CVE-2013-6800)

It was discovered that Kerberos incorrectly handled certain invalid tokens.
If a remote attacker were able to perform a machine-in-the-middle attack, this
flaw could be used to cause the daemon to crash, resulting in a denial of
service. (CVE-2014-4341, CVE-2014-4342)

It was discovered that Kerberos incorrectly handled certain mechanisms when
used with SPNEGO. If a remote attacker were able to perform a
machine-in-the-middle attack, this flaw could be used to cause clients to
crash, resulting in a denial of service. (CVE-2014-4343)

It was discovered that Kerberos incorrectly handled certain continuation
tokens during SPNEGO negotiations. A remote attacker could use this issue
to cause the daemon to crash, resulting in a denial of service.
(CVE-2014-4344)

Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon
incorrectly handled buffers when used with the LDAP backend. A remote
attacker could use this issue to cause the daemon to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2014-4345)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchkrb5-admin-server< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchkrb5-gss-samples< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchkrb5-kdc< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchkrb5-kdc-ldap< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchkrb5-multidev< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchkrb5-otp< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchkrb5-pkinit< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchkrb5-user< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchlibgssapi-krb5-2< 1.12+dfsg-2ubuntu4.2UNKNOWN
Ubuntu14.04noarchlibgssrpc4< 1.12+dfsg-2ubuntu4.2UNKNOWN
Rows per page:
1-10 of 531

Related

nessus 53
openvas 49
oraclelinux 5
centos 5
amazon 2
redhat 5
fedora 13
debian 3
osv 2
mageia 2
veracode 7
aix 1
gentoo 2
securityvulns 5
prion 7
f5 8
cve 7
ibm 2
ubuntucve 7
freebsd 2
checkpoint_advisories 4
debiancve 5
altlinux 3
nessus
nessus
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2310-1)
2014-08-12 00:00:00
OracleVM 3.3 : krb5 (OVMSA-2014-0034)
2014-11-26 00:00:00
RHEL 6 : krb5 (RHSA-2014:1389)
2014-10-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2310-1)
2014-08-12 00:00:00
Oracle: Security Advisory (ELSA-2014-1389)
2015-10-06 00:00:00
RedHat Update for krb5 RHSA-2014:1389-02
2014-10-15 00:00:00
oraclelinux
oraclelinux
krb5 security and bug fix update
2014-10-15 00:00:00
krb5 security and bug fix update
2014-09-17 00:00:00
krb5 security, bug fix and enhancement update
2015-03-11 00:00:00
centos
centos
krb5 security update
2014-10-20 18:09:24
krb5 security update
2014-09-30 11:21:52
krb5 security update
2013-03-18 20:32:47
amazon
amazon
Medium: krb5
2014-11-11 10:25:00
Medium: krb5
2013-04-18 13:58:00
redhat
redhat
(RHSA-2014:1389) Moderate: krb5 security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1245) Moderate: krb5 security and bug fix update
2014-09-16 00:00:00
(RHSA-2013:0656) Moderate: krb5 security update
2013-03-18 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: krb5-1.11.3-25.fc19
2014-08-27 01:34:45
[SECURITY] Fedora 19 Update: krb5-1.11.3-24.fc19
2014-08-07 15:27:20
[SECURITY] Fedora 20 Update: krb5-1.11.5-11.fc20
2014-08-15 02:45:53
debian
debian
[SECURITY] [DSA 3000-1] krb5 security update
2014-08-09 14:54:58
[SECURITY] [DSA 3000-1] krb5 security update
2014-08-09 14:55:17
[DLA 37-1] krb5 security update
2014-08-18 17:46:47
osv
osv
krb5 - security update
2014-08-18 00:00:00
krb5 - security update
2014-08-09 00:00:00
mageia
mageia
Updated krb5 package fixes security vulnerabilities
2014-08-22 14:58:14
Updated krb5 package fixes security vulnerabily
2013-11-21 00:38:57
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:04:04
Denial Of Service (DoS)
2019-05-02 05:04:04
Denial Of Service (DoS)
2019-05-02 04:54:30
aix
aix
Multiple Security vulnerabilities in IBM NAS
2014-08-28 03:15:00
gentoo
gentoo
MIT Kerberos 5: User-assisted execution of arbitrary code
2014-12-31 00:00:00
MIT Kerberos 5: Multiple vulnerabilities
2013-12-16 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:157 ] krb5
2013-05-04 00:00:00
MIT Kerberos 5 security vulnereabilities
2013-05-04 00:00:00
MIT Kerberos 5 DoS
2013-04-09 00:00:00
prion
prion
Null pointer dereference
2013-11-18 02:55:00
Null pointer dereference
2013-04-19 11:44:00
Design/Logic Flaw
2014-07-20 11:12:00
f5
f5
K15785 : Kerberos vulnerability CVE-2013-6800
2014-11-03 00:00:00
SOL15785 - Kerberos vulnerability CVE-2013-6800
2014-11-03 00:00:00
K15552 : MIT Kerberos 5 vulnerability CVE-2014-4341
2015-11-10 00:00:00
cve
cve
CVE-2013-6800
2013-11-18 02:55:00
CVE-2013-1415
2013-03-05 05:05:00
CVE-2014-4341
2014-07-20 11:12:00
ibm
ibm
Security Bulletin: IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418 )
2022-02-23 19:48:26
Security Bulletin: Power Hardware Management Console is affected by security vulnerabilities in Kerberos (CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423)
2021-09-23 01:31:39
ubuntucve
ubuntucve
CVE-2014-4342
2014-07-20 00:00:00
CVE-2013-6800
2013-11-17 00:00:00
CVE-2013-1416
2013-04-19 00:00:00
freebsd
freebsd
krb5 1.11 -- New release/fix multiple vulnerabilities
2015-02-25 00:00:00
krb5 -- null pointer dereference in the KDC PKINIT code [CVE-2013-1415]
2013-02-21 00:00:00
checkpoint_advisories
checkpoint_advisories
MIT Kerberos 5 KDC prep_reprocess_req NULL Pointer Dereference (CVE-2013-1416)
2013-08-25 00:00:00
MIT Kerberos 5 KDC pkinit_check_kdc_pkid NULL Pointer Dereference (CVE-2013-1415)
2013-03-27 00:00:00
Kerberos Multi-realm KDC NULL Pointer Dereference Denial of Service (CVE-2013-1418)
2013-01-06 00:00:00
debiancve
debiancve
CVE-2013-1415
2013-03-05 05:05:00
CVE-2013-1416
2013-04-19 11:44:00
CVE-2014-4341
2014-07-20 11:12:00
altlinux
altlinux
Security fix for the ALT Linux 7 package krb5 version 1.11.1-alt1
2013-03-30 00:00:00
Security fix for the ALT Linux 8 package krb5 version 1.11.1-alt1
2013-03-30 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.11.1-alt1
2013-03-30 00:00:00

8.7 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

0.956 High

EPSS

Percentile

99.4%

JSON
Related for USN-2310-1
nessus53openvas49oraclelinux5centos5amazon2redhat5fedora13debian3osv2mageia2veracode7aix1gentoo2securityvulns5prion7f58cve7ibm2ubuntucve7freebsd2checkpoint_advisories4debiancve5altlinux3