CVE-2014-4342

Published: Jul 20, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

Affected (35)

Products: Debian: Debian Linux · Mit: Kerberos, Kerberos 5 · Redhat: Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server, Enterprise Linux Workstation

1 product

2 products

4 products

Enterprise Linux Desktop

Enterprise Linux Hpc Node

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0

Configuration B

30 vulnerable

Vulnerable Software	Affected Versions
Mit Kerberos	Version 5-1.10.5
Mit Kerberos	Version 5-1.10.6
Mit Kerberos	Version 5-1.10.7
Mit Kerberos	Version 5-1.8 alpha1
Mit Kerberos 5	Version 1.10.1
Mit Kerberos 5	Version 1.10.2
Mit Kerberos 5	Version 1.10.3
Mit Kerberos 5	Version 1.10.4
Mit Kerberos 5	Version 1.10
Mit Kerberos 5	Version 1.11.1
Mit Kerberos 5	Version 1.11.2
Mit Kerberos 5	Version 1.11.3
Mit Kerberos 5	Version 1.11.4
Mit Kerberos 5	Version 1.11
Mit Kerberos 5	Version 1.12.1
Mit Kerberos 5	Version 1.12
Mit Kerberos 5	Version 1.7.1
Mit Kerberos 5	Version 1.7
Mit Kerberos 5	Version 1.8.1
Mit Kerberos 5	Version 1.8.2
Mit Kerberos 5	Version 1.8.3
Mit Kerberos 5	Version 1.8.4
Mit Kerberos 5	Version 1.8.5
Mit Kerberos 5	Version 1.8.6
Mit Kerberos 5	Version 1.8
Mit Kerberos 5	Version 1.9.1
Mit Kerberos 5	Version 1.9.2
Mit Kerberos 5	Version 1.9.3
Mit Kerberos 5	Version 1.9.4
Mit Kerberos 5	Version 1.9

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Hpc Node	Version 7.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Workstation	Version 7.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (24)

http://advisories.mageia.org/MGASA-2014-0345.html

Source: cve@mitre.org

Third Party Advisory

http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949

Source: cve@mitre.org

Issue TrackingVendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-0439.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/59102

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/60082

Source: cve@mitre.org

Not Applicable

http://www.debian.org/security/2014/dsa-3000

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2014:165

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: cve@mitre.org

PatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/68908

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1030706

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/94903

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://advisories.mageia.org/MGASA-2014-0345.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-0439.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/59102

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://secunia.com/advisories/60082

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www.debian.org/security/2014/dsa-3000

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2014:165

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/68908

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1030706

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/94903

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.