Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11402

HistoryJan 15, 2019 - 9:01 a.m.

Denial Of Service (DoS)

2019-01-1509:01:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5_encode_krbsecretkey function of plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c where authenticated users can cause DoS attacks through a series of cpw -keepold commands.

CPENameOperatorVersion
krb5eq1.6.1__78.el5
krb5eq1.6.1__17.el5_1.1
krb5eq1.8.2__3.el6_0.7
krb5eq1.6.1__55.el5_6.2
krb5eq1.6.1__36.el5
krb5eq1.6.1__31.el5_3.3
krb5eq1.6.1__55.el5_6.1
krb5eq1.10.3__10.el6_4.1
krb5eq1.6.1__36.el5_5.4
krb5eq1.10.3__10.el6_4.2

Rows per page:

1-10 of 431

References

advisories.mageia.org/MGASA-2014-0345.html

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

krbdev.mit.edu/rt/Ticket/Display.html?id=7980

linux.oracle.com/errata/ELSA-2014-1255.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html

lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html

lists.opensuse.org/opensuse-updates/2014-08/msg00030.html

rhn.redhat.com/errata/RHSA-2014-1255.html

rhn.redhat.com/errata/RHSA-2015-0439.html

secunia.com/advisories/59102

secunia.com/advisories/59415

secunia.com/advisories/59993

secunia.com/advisories/60535

secunia.com/advisories/60776

secunia.com/advisories/61314

secunia.com/advisories/61353

security.gentoo.org/glsa/glsa-201412-53.xml

web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt

www.debian.org/security/2014/dsa-3000

www.mandriva.com/security/advisories?name=MDVSA-2014:165

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.osvdb.org/109908

www.securityfocus.com/bid/69168

www.securitytracker.com/id/1030705

access.redhat.com/security/updates/classification/#moderate

blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors

bugzilla.redhat.com/show_bug.cgi?id=1128157

exchange.xforce.ibmcloud.com/vulnerabilities/95212

github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1

github.com/krb5/krb5/pull/181

rhn.redhat.com/errata/RHSA-2014-1255.html

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

Related for VERACODE:11402

f52 securityvulns2 prion1 redhat3 nessus24 centos3 veracode1 oraclelinux3 openvas19 ubuntucve1 nvd1 cvelist1 cve1 suse1 debiancve1 gentoo1 debian3 osv2 mageia1 amazon1 fedora3 freebsd1 ubuntu1 ibm1 oracle1