Category:   Application (Security)  >   Kerberos
Vendors:   MIT
MIT Kerberos recvauth_common() Message Handling Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1031767
SecurityTracker URL:  http://securitytracker.com/id/1031767
CVE Reference:   CVE-2014-5355
Date:  Feb 18 2015
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5-1.13.1 and prior
Description:   A vulnerability was reported in MIT Kerberos. A remote user can cause a denial of service.

A remote user can send specially crafted data to trigger a null pointer dereference or memory read error in the recvauth_common() function in the krb5_recvauth code and cause the target service to crash.

Tim Uglow reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   A proposed fix is available at:

https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec

Vendor URL:  web.mit.edu/kerberos/
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 9 2015 (Red Hat Issues Fix) MIT Kerberos recvauth_common() Message Handling Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Apr 9 2015 (CentOS Issues Fix) MIT Kerberos recvauth_common() Message Handling Flaw Lets Remote Users Deny Service
CentOS has issued a fix for CentOS 6.
May 22 2015 (IBM Issues Fix for IBM AIX NAS) MIT Kerberos recvauth_common() Message Handling Flaw Lets Remote Users Deny Service
IBM has issued an advisory for IBM AIX NAS.
Jul 25 2015 (IBM Issues Fix for IBM Security Network Protection) MIT Kerberos recvauth_common() Message Handling Flaw Lets Remote Users Deny Service
IBM has issued a fix for IBM Security Network Protection.
Nov 13 2015 (Ubuntu Issues Fix) MIT Kerberos recvauth_common() Message Handling Flaw Lets Remote Users Deny Service
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS, 14.04 LTS, 15.04, and 15.10.
Nov 20 2015 (Red Hat Issues Fix) MIT Kerberos recvauth_common() Message Handling Flaw Lets Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7.


