Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2498-1
HistoryFeb 10, 2015 - 12:00 a.m.

Kerberos vulnerabilities

2015-02-1000:00:00
ubuntu.com
35

8.5 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.0%

JSON

Releases

  • Ubuntu 14.10
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04
  • Ubuntu 10.04

Packages

  • krb5 - MIT Kerberos Network Authentication Protocol

Details

It was discovered that Kerberos incorrectly sent old keys in response to a
-randkey -keepold request. An authenticated remote attacker could use this
issue to forge tickets by leveraging administrative access. This issue
only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2014-5351)

It was discovered that the libgssapi_krb5 library incorrectly processed
security context handles. A remote attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. (CVE-2014-5352)

Patrik Kis discovered that Kerberos incorrectly handled LDAP queries with
no results. An authenticated remote attacker could use this issue to cause
the KDC to crash, resulting in a denial of service. (CVE-2014-5353)

It was discovered that Kerberos incorrectly handled creating database
entries for a keyless principal when using LDAP. An authenticated remote
attacker could use this issue to cause the KDC to crash, resulting in a
denial of service. (CVE-2014-5354)

It was discovered that Kerberos incorrectly handled memory when processing
XDR data. A remote attacker could use this issue to cause kadmind to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2014-9421)

It was discovered that Kerberos incorrectly handled two-component server
principals. A remote attacker could use this issue to perform impersonation
attacks. (CVE-2014-9422)

It was discovered that the libgssrpc library leaked uninitialized bytes. A
remote attacker could use this issue to possibly obtain sensitive
information. (CVE-2014-9423)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchkrb5-admin-server< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchkrb5-gss-samples< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchkrb5-kdc< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchkrb5-kdc-ldap< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchkrb5-multidev< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchkrb5-otp< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchkrb5-pkinit< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchkrb5-user< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchlibgssapi-krb5-2< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Ubuntu14.10noarchlibgssrpc4< 1.12.1+dfsg-10ubuntu0.1UNKNOWN
Rows per page:
1-10 of 751

Related

openvas 28
nessus 38
fedora 5
archlinux 1
freebsd 4
suse 3
altlinux 9
debian 3
mageia 3
securityvulns 6
osv 3
ibm 9
aix 2
oraclelinux 2
veracode 5
centos 2
amazon 1
redhat 2
f5 6
ubuntucve 7
debiancve 7
prion 7
cve 7
attackerkb 1
gentoo 1
openvas
openvas
Ubuntu: Security Advisory (USN-2498-1)
2015-02-11 00:00:00
Fedora Update for krb5 FEDORA-2015-2347
2015-03-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0290-2)
2021-04-19 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Kerberos vulnerabilities (USN-2498-1)
2015-02-11 00:00:00
FreeBSD : krb5 1.12 -- New release/fix multiple vulnerabilities (63527d0d-b9de-11e4-8a48-206a8a720317)
2015-02-23 00:00:00
SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2015:0290-2)
2015-05-20 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: krb5-1.12.2-14.fc21
2015-03-12 16:33:54
[SECURITY] Fedora 21 Update: krb5-1.12.2-17.fc21
2015-06-21 00:28:50
[SECURITY] Fedora 20 Update: krb5-1.11.5-18.fc20
2015-03-09 08:18:34
archlinux
archlinux
krb5: multiple issues
2015-02-17 00:00:00
freebsd
freebsd
krb5 1.12 -- New release/fix multiple vulnerabilities
2015-02-20 00:00:00
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
2015-02-03 00:00:00
krb5 1.11 -- New release/fix multiple vulnerabilities
2015-02-25 00:00:00
suse
suse
Security update for krb5 (important)
2015-02-16 14:05:49
Security update for krb5 (important)
2015-02-16 15:04:57
Security update for krb5 (important)
2015-02-11 18:08:30
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.13-alt3
2015-02-08 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.13-alt3
2015-02-08 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13-alt3
2015-02-08 00:00:00
debian
debian
[SECURITY] [DSA 3153-1] krb5 security update
2015-02-03 20:50:06
[SECURITY] [DLA 146-1] krb5 security update
2015-02-07 10:52:32
[SECURITY] [DLA 1265-1] krb5 security update
2018-01-31 17:06:34
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2015-02-15 18:57:20
Updated krb5 packages fix security vulnerability
2014-11-21 15:44:16
Updated krb5 packages fix CVE-2014-5353
2014-12-19 18:06:35
securityvulns
securityvulns
MIT Kerberos 5 multiple security vulnerabilities
2015-02-11 00:00:00
MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
2015-02-11 00:00:00
[ MDVSA-2015:009 ] krb5
2015-01-13 00:00:00
osv
osv
krb5 - security update
2015-02-03 00:00:00
krb5 - security update
2015-02-07 00:00:00
krb5 - security update
2018-01-31 00:00:00
ibm
ibm
Security Bulletin: IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423)
2022-02-23 19:48:26
Security Bulletin: Multiple Kerberos (krb5) vulnerabilities affect PowerKVM (Multiple CVEs)
2018-06-18 01:27:54
Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, and CVE-2014-9422)
2018-06-16 21:25:59
aix
aix
Multiple Security vulnerabilities in IBM NAS(kerberos)
2015-05-21 05:06:05
AIX NAS vulnerability
2015-01-20 04:42:45
oraclelinux
oraclelinux
krb5 security update
2015-04-09 00:00:00
krb5 security, bug fix and enhancement update
2015-03-11 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:13:02
Privilege Escalation
2019-05-02 05:13:02
Denial Of Service (DoS)
2019-01-15 09:05:33
centos
centos
krb5 security update
2015-04-09 11:47:52
krb5 security update
2015-03-17 13:28:30
amazon
amazon
Medium: krb5
2015-05-05 15:44:00
redhat
redhat
(RHSA-2015:0794) Moderate: krb5 security update
2015-04-09 00:00:00
(RHSA-2015:0439) Moderate: krb5 security, bug fix and enhancement update
2015-03-05 00:00:00
f5
f5
K16443 : MIT Kerberos 5 vulnerabilities CVE-2014-9421 and CVE-2014-5352
2015-04-15 00:00:00
SOL16443 - MIT Kerberos 5 vulnerabilities CVE-2014-9421 and CVE-2014-5352
2015-04-15 00:00:00
K16441 : MIT Kerberos 5 vulnerability CVE-2014-9423
2015-04-15 00:00:00
ubuntucve
ubuntucve
CVE-2014-9423
2015-02-03 00:00:00
CVE-2014-9421
2015-02-03 00:00:00
CVE-2014-9422
2015-02-03 00:00:00
debiancve
debiancve
CVE-2014-9423
2015-02-19 11:59:00
CVE-2014-9421
2015-02-19 11:59:00
CVE-2014-5354
2014-12-16 23:59:00
prion
prion
Design/Logic Flaw
2015-02-19 11:59:00
Double free
2015-02-19 11:59:00
Authorization
2015-02-19 11:59:00
cve
cve
CVE-2014-9423
2015-02-19 11:59:00
CVE-2014-9421
2015-02-19 11:59:00
CVE-2014-9422
2015-02-19 11:59:00
attackerkb
attackerkb
Microsoft Internet Explorer Use-After-Free Vulnerability
2014-10-15 00:00:00
gentoo
gentoo
MIT Kerberos 5: User-assisted execution of arbitrary code
2014-12-31 00:00:00

8.5 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.0%

JSON
Related for USN-2498-1
openvas28nessus38fedora5archlinux1freebsd4suse3altlinux9debian3mageia3securityvulns6osv3ibm9aix2oraclelinux2veracode5centos2amazon1redhat2f56ubuntucve7debiancve7prion7cve7attackerkb1gentoo1