CVE

CVE-2014-9423
Date: (C)2015-02-19   (M)2023-12-22


The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-72503
DSA-3153
FEDORA-2015-2347
FEDORA-2015-2382
MDVSA-2015:069
RHSA-2015:0439
SUSE-SU-2015:0257
SUSE-SU-2015:0290
USN-2498-1
http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt
https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c
openSUSE-SU-2015:0255

CWE    1
CWE-200
OVAL    11
oval:org.secpod.oval:def:24395
oval:org.secpod.oval:def:25774
oval:org.secpod.oval:def:109199
oval:org.secpod.oval:def:702410
...

© SecPod Technologies