SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Kerberos Vendors:   MIT
(CentOS Issues Fix) MIT Kerberos Multiple Flaws in kadmind Let Remote Users Obtain Potentially Sensitive Information and Remote Authenticted Users Execute Arbitrary Code
SecurityTracker Alert ID:  1032058
SecurityTracker URL:  http://securitytracker.com/id/1032058
CVE Reference:   CVE-2014-5352, CVE-2014-9421, CVE-2014-9422   (Links to External Site)
Date:  Apr 9 2015
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): krb5-1.11.x, krb5-1.12.x, and krb5-1.13.x
Description:   Several vulnerabilities were reported in MIT Kerberos. A remote authenticated user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information.

A remote authenticated user can send specially crafted data to trigger a use-after-free memory error in gss_process_context_token() and execute arbitrary code on the target system [CVE-2014-5352]. Other libgssrpc server applications may be affected.

A remote authenticated user can send specially crafted XDR data to trigger a use-after-free memory error in the kadmind daemon and execute arbitrary code on the target system [CVE-2014-9421]. Other libgssrpc server applications may be affected.

A remote authenticated user that has the key of a specially named principal (e.g., 'kad/root') can impersonate arbitrary users to kadmind [CVE-2014-9422].

libgssrpc applications, including kadmind, output 4-byte or 8-byte portions of uninitialized memory to the network in an unused "handle" field [CVE-2014-9423]. A remote user can obtain this information.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can obtain potentially sensitive information.

Solution:   CentOS has issued a fix for CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422.

The CentOS advisory is available at:

http://lists.centos.org/pipermail/centos-announce/2015-April/021058.html

Vendor URL:  web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6

Message History:   This archive entry is a follow-up to the message listed below.
Feb 3 2015 MIT Kerberos Multiple Flaws in kadmind Let Remote Users Obtain Potentially Sensitive Information and Remote Authenticted Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC