|
|
Subscribe / Log in / New account

krb5: NULL dereference

Package(s):krb5 CVE #(s):CVE-2014-5353
Created:December 22, 2014 Updated:June 22, 2015
Description: From the Mageia advisory:

In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to be authenticated as a user who has the elevated privilege for setting password policy by adding or modifying principals.

Alerts:
Fedora FEDORA-2015-7878 krb5 2015-06-21
Scientific Linux SLSA-2015:0794-1 krb5 2015-04-09
Oracle ELSA-2015-0794 krb5 2015-04-09
Red Hat RHSA-2015:0794-01 krb5 2015-04-09
CentOS CESA-2015:0794 krb5 2015-04-09
Scientific Linux SLSA-2015:0439-1 krb5 2015-03-25
openSUSE openSUSE-SU-2015:0542-1 krb5 2015-03-19
Red Hat RHSA-2015:0439-01 krb5 2015-03-05
Ubuntu USN-2498-1 krb5 2015-02-10
Oracle ELSA-2015-0439 krb5 2015-03-12
Mandriva MDVSA-2015:009 krb5 2015-01-08
Mageia MGASA-2014-0536 krb5 2014-12-19
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds