Denial of Service Vulnerability in MIT Kerberos 5 libgssapi_krb5
CVE-2014-5352

Currently unrated

Key Information:

Vendor

MIT

CVE Published:
19 February 2015

What is CVE-2014-5352?

The krb5_gss_process_context_token function in the MIT Kerberos 5 libgssapi_krb5 library fails to properly maintain security-context handles. As a result, remote authenticated users can send crafted GSSAPI traffic that triggers memory errors such as use-after-free and double free, potentially causing a denial of service. The improper handling of security-context tokens may also enable the execution of arbitrary code.

EPSS Score

5% chance of being exploited in the next 30 days.
