CVE-2014-5353

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 17-12-2014 12:59

Last modified: - 19-10-2022 04:59

Total changes: - 3

Description

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:S/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

3.5

Base score

6.8

2.9

Exploitability score

Impact score

Verification logic

Reference

https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
MDVSA-2015:009-Third Party Advisory
71679-Third Party Advisory, VDB Entry
http://advisories.mageia.org/MGASA-2014-0536.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226
RHSA-2015:0439-Third Party Advisory
USN-2498-1-Third Party Advisory
openSUSE-SU-2015:0542-Mailing List, Third Party Advisory
RHSA-2015:0794-Third Party Advisory
FEDORA-2015-5949-Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
1031376-Third Party Advisory, VDB Entry
[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update-Mailing List, Third Party Advisory

Keywords

CVE-2014-5353

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-5353

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures