CVE - CVE-2014-4345

CVE-ID
CVE-2014-4345	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:69168 URL:http://www.securityfocus.com/bid/69168 CONFIRM:http://advisories.mageia.org/MGASA-2014-0345.html CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 CONFIRM:http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980 CONFIRM:http://linux.oracle.com/errata/ELSA-2014-1255.html CONFIRM:http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CONFIRM:https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1128157 CONFIRM:https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1 CONFIRM:https://github.com/krb5/krb5/pull/181 DEBIAN:DSA-3000 URL:http://www.debian.org/security/2014/dsa-3000 FEDORA:FEDORA-2014-9305 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html FEDORA:FEDORA-2014-9315 URL:http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html GENTOO:GLSA-201412-53 URL:http://security.gentoo.org/glsa/glsa-201412-53.xml MANDRIVA:MDVSA-2014:165 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2014:165~~ (Obsolete source) OSVDB:109908 URL:~~http://www.osvdb.org/109908~~ (Obsolete source) REDHAT:RHSA-2014:1255 URL:http://rhn.redhat.com/errata/RHSA-2014-1255.html REDHAT:RHSA-2015:0439 URL:http://rhn.redhat.com/errata/RHSA-2015-0439.html SECTRACK:1030705 URL:http://www.securitytracker.com/id/1030705 SECUNIA:59102 URL:http://secunia.com/advisories/59102 SECUNIA:59415 URL:http://secunia.com/advisories/59415 SECUNIA:59993 URL:http://secunia.com/advisories/59993 SECUNIA:60535 URL:http://secunia.com/advisories/60535 SECUNIA:60776 URL:http://secunia.com/advisories/60776 SECUNIA:61314 URL:http://secunia.com/advisories/61314 SECUNIA:61353 URL:http://secunia.com/advisories/61353 SUSE:SUSE-SU-2014:1028 URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html SUSE:openSUSE-SU-2014:1043 URL:http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html XF:kerberos-cve20144345-bo(95212) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
Assigning CNA
MITRE Corporation
Date Record Created
20140620	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140620)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)