CVE

CVE-2014-9421
Date: (C)2015-02-19   (M)2023-12-22


The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.0
Exploit Score: 8.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-72496
DSA-3153
FEDORA-2015-2347
FEDORA-2015-2382
MDVSA-2015:069
RHSA-2015:0439
RHSA-2015:0794
SUSE-SU-2015:0257
SUSE-SU-2015:0290
USN-2498-1
http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt
https://github.com/krb5/krb5/commit/a197e92349a4aa2141b5dff12e9dd44c2a2166e3
openSUSE-SU-2015:0255

OVAL    15
oval:org.secpod.oval:def:25774
oval:org.secpod.oval:def:109199
oval:org.secpod.oval:def:24395
oval:org.secpod.oval:def:1500978
...

© SecPod Technologies