CVE-2014-5352

2015-02-0300:00:00

ubuntu.com

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.1%

JSON

The krb5_gss_process_context_token function in
lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in
MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x
before 1.13.1 does not properly maintain security-context handles, which
allows remote authenticated users to cause a denial of service
(use-after-free and double free, and daemon crash) or possibly execute
arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to
kadmind.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchkrb5< 1.8.1+dfsg-2ubuntu0.14UNKNOWN
ubuntu12.04noarchkrb5< 1.10+dfsg~beta1-2ubuntu0.6UNKNOWN
ubuntu14.04noarchkrb5< 1.12+dfsg-2ubuntu5.1UNKNOWN
ubuntu14.10noarchkrb5< 1.12.1+dfsg-10ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	krb5	< 1.8.1+dfsg-2ubuntu0.14	UNKNOWN
ubuntu	12.04	noarch	krb5	< 1.10+dfsg~beta1-2ubuntu0.6	UNKNOWN
ubuntu	14.04	noarch	krb5	< 1.12+dfsg-2ubuntu5.1	UNKNOWN
ubuntu	14.10	noarch	krb5	< 1.12.1+dfsg-10ubuntu0.1	UNKNOWN