CVE-2014-4345
CVE-2014-4345
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://advisories.mageia.org/MGASA-2014-0345.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980http://linux.oracle.com/errata/ELSA-2014-1255.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.htmlhttp://lists.opensuse.org/opensuse-updates/2014-08/msg00030.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1255.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0439.htmlhttps://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errorshttps://bugzilla.redhat.com/show_bug.cgi?id=1128157