CVE - CVE-2014-4343

CVE-ID
CVE-2014-4343	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://krbdev.mit.edu/rt/Ticket/Display.html?id=7969 CONFIRM:https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f CONFIRM:http://advisories.mageia.org/MGASA-2014-0345.html CONFIRM:http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc CONFIRM:http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15553.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1121876 DEBIAN:DSA-3000 URL:http://www.debian.org/security/2014/dsa-3000 FEDORA:FEDORA-2014-8189 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html GENTOO:GLSA-201412-53 URL:http://security.gentoo.org/glsa/glsa-201412-53.xml REDHAT:RHSA-2015:0439 URL:http://rhn.redhat.com/errata/RHSA-2015-0439.html BID:69159 URL:http://www.securityfocus.com/bid/69159 OSVDB:109390 URL:http://www.osvdb.org/109390 SECTRACK:1030706 URL:http://www.securitytracker.com/id/1030706 SECUNIA:60448 URL:http://secunia.com/advisories/60448 SECUNIA:61052 URL:http://secunia.com/advisories/61052 SECUNIA:59102 URL:http://secunia.com/advisories/59102 SECUNIA:60082 URL:http://secunia.com/advisories/60082 XF:kerberos-cve20144343-dos(95211) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/95211
Assigning CNA
N/A
Date Entry Created
20140620	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140620)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org