3.5

CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version < 1.13.1
RedhatEnterprise Linux Eus Version6.6
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
FedoraprojectFedora Version22
DebianDebian Linux Version7.0
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version14.10
OracleSolaris Version10
OracleSolaris Version11.2
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.97% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-0439.html
Third Party Advisory
http://www.ubuntu.com/usn/USN-2498-1
Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0536.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2015-0794.html
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:009
Third Party Advisory
http://www.securityfocus.com/bid/71679
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1031376
Third Party Advisory
VDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226
Third Party Advisory
Mailing List
Issue Tracking
https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
Patch
Third Party Advisory