CVE - CVE-2014-5353

CVE-ID
CVE-2014-5353	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:71679 URL:http://www.securityfocus.com/bid/71679 CONFIRM:http://advisories.mageia.org/MGASA-2014-0536.html CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html CONFIRM:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226 CONFIRM:https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3 FEDORA:FEDORA-2015-5949 URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html MANDRIVA:MDVSA-2015:009 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:009 MLIST:[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html REDHAT:RHSA-2015:0439 URL:http://rhn.redhat.com/errata/RHSA-2015-0439.html REDHAT:RHSA-2015:0794 URL:http://rhn.redhat.com/errata/RHSA-2015-0794.html SECTRACK:1031376 URL:http://www.securitytracker.com/id/1031376 SUSE:openSUSE-SU-2015:0542 URL:http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html UBUNTU:USN-2498-1 URL:http://www.ubuntu.com/usn/USN-2498-1
Assigning CNA
MITRE Corporation
Date Record Created
20140819	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20140819)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)