7.6 - CVE-2014-4343

Executive Summary

Informations
Name	CVE-2014-4343	First vendor Publication	2014-08-14
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.6	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-415	Double Free

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26961

Oval ID:	oval:org.mitre.oval:def:26961
Title:	AIX NAS double-free in SPNEGO
Description:	Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2014-4343	Version:	4
Platform(s):	IBM AIX 6.1 IBM AIX 7.1	Product(s):
Definition Synopsis:
platforms IBM AIX 6.1 is installed AND IBM AIX 7.1 is installed AND filesets krb5.server.rte equals 1.5.0.3 AND krb5.server.rte equals 1.5.0.4 AND krb5.server.rte equals 1.6.0.1 AND krb5.client.rte equals 1.5.0.3 AND krb5.client.rte equals 1.5.0.4 AND krb5.client.rte equals 1.6.0.1

Definition Id: oval:org.mitre.oval:def:27032

Oval ID:	oval:org.mitre.oval:def:27032
Title:	ELSA-2014-1389 -- krb5 security and bug fix update
Description:	[1.10.3-33] - actually apply that last patch [1.10.3-32] - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345, #1128157) [1.10.3-31] - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-30] - ksu: when evaluating .k5users, treat lines with just a principal name as if they contained the principal name followed by '*', and don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target user's shell (#1026721, revised) [1.10.3-29] - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344, #1121510) - gssapi: pull in proposed-and-accepted fix for a double free in initiators (David Woodhouse, CVE-2014-4343, #1121510) [1.10.3-28] - correct a type mistake in the backported fix for CVE-2013-1418/CVE-2013-6800 [1.10.3-27] - pull in backported fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1121510) - incorporate backported patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7756, CVE-2013-1418/CVE-2013-6800, more of [1.10.3-26] - pull in backport of patch to not subsequently always require that responses come from master KDCs if we get one from a master somewhere along the way while chasing referrals (RT#7650, #1113652) [1.10.3-25] - ksu: if the -e flag isn't used, use the target user's shell when checking for authorization via the target user's .k5users file (#1026721) [1.10.3-24] - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730) [1.10.3-23] - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1087068, RT#7858) [1.10.3-22] - add patch from Jatin Nansi to avoid attempting to clear memory at the NULL address if krb5_encrypt_helper() returns an error when called from encrypt_credencpart() (#1055329, pull #158) [1.10.3-21] - drop patch to add additional access() checks to ksu - they shouldn't be resulting in any benefit [1.10.3-20] - apply patch from Nikolai Kondrashov to pass a default realm set in /etc/sysconfig/krb5kdc to the kdb_check_weak helper, so that it doesn't produce an error if there isn't one set in krb5.conf (#1009389) [1.10.3-19] - packaging: don't Obsoletes: older versions of krb5-pkinit-openssl and virtual Provide: krb5-pkinit-openssl on EL6, where we don't need to bother with any of that (#1001961) [1.10.3-18] - pkinit: backport tweaks to avoid trying to call the prompter callback when one isn't set (part of #965721) - pkinit: backport the ability to use a prompter callback to prompt for a password when reading private keys (the rest of #965721) [1.10.3-17] - backport fix to not spin on a short read when reading the length of a response over TCP (RT#7508, #922884) [1.10.3-16] - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1070244)
Family:	unix	Class:	patch
Reference(s):	ELSA-2014-1389 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4344 CVE-2014-4345 CVE-2014-4342 CVE-2014-4343	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	krb5 krb5-devel krb5-libs krb5-pkinit-openssl krb5-server krb5-server-ldap krb5-workstation
Definition Synopsis:
Oracle Linux 6.x Packages match section krb5 is earlier than 0:1.10.3-33.el6 AND krb5-devel is earlier than 0:1.10.3-33.el6 AND krb5-libs is earlier than 0:1.10.3-33.el6 AND krb5-pkinit-openssl is earlier than 0:1.10.3-33.el6 AND krb5-server is earlier than 0:1.10.3-33.el6 AND krb5-server-ldap is earlier than 0:1.10.3-33.el6 AND krb5-workstation is earlier than 0:1.10.3-33.el6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mit Kerberos 5 cpe:2.3:a:mit:kerberos_5:1.12.1:::::::* cpe:2.3:a:mit:kerberos_5:1.12:::::::* cpe:2.3:a:mit:kerberos_5:1.11.5:::::::* cpe:2.3:a:mit:kerberos_5:1.11.4:::::::* cpe:2.3:a:mit:kerberos_5:1.11.3:::::::* cpe:2.3:a:mit:kerberos_5:1.11.2:::::::* cpe:2.3:a:mit:kerberos_5:1.11.1:::::::* cpe:2.3:a:mit:kerberos_5:1.11:::::::* cpe:2.3:a:mit:kerberos_5:1.10.4:::::::* cpe:2.3:a:mit:kerberos_5:1.10.3:::::::* cpe:2.3:a:mit:kerberos_5:1.10.2:::::::* cpe:2.3:a:mit:kerberos_5:1.10.1:::::::* cpe:2.3:a:mit:kerberos_5:1.10:::::::*	13
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:7.0:::::::*	1
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*	1
Os	Redhat Enterprise Linux Hpc Node cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*	1
Os	Redhat Enterprise Linux Server cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*	1
Os	Redhat Enterprise Linux Workstation cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*	1

Nessus® Vulnerability Scanner

Date	Description
2015-03-26	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150305_krb5_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-37.nasl - Type : ACT_GATHER_INFO
2015-03-18	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO
2015-03-13	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0439.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO
2015-02-26	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dbf9e66cbd5011e4a7ba206a8a720317.nasl - Type : ACT_GATHER_INFO
2015-01-02	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-53.nasl - Type : ACT_GATHER_INFO
2014-11-26	Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0034.nasl - Type : ACT_GATHER_INFO
2014-11-18	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-443.nasl - Type : ACT_GATHER_INFO
2014-11-12	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO
2014-11-04	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141014_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1389.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO
2014-10-10	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15553.nasl - Type : ACT_GATHER_INFO
2014-09-04	Name : The remote AIX host has a version of NAS installed that is affected by multip... File : aix_nas_advisory1.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2310-1.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-140729.nasl - Type : ACT_GATHER_INFO
2014-08-12	Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-486.nasl - Type : ACT_GATHER_INFO
2014-08-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3000.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2014-8176.nasl - Type : ACT_GATHER_INFO
2014-08-08	Name : The remote Fedora host is missing a security update. File : fedora_2014-8189.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://advisories.mageia.org/MGASA-2014-0345.html
http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7969
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360....
http://rhn.redhat.com/errata/RHSA-2015-0439.html
http://secunia.com/advisories/59102
http://secunia.com/advisories/60082
http://secunia.com/advisories/60448
http://secunia.com/advisories/61052
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15553.html
http://www.debian.org/security/2014/dsa-3000
http://www.osvdb.org/109390
http://www.securityfocus.com/bid/69159
http://www.securitytracker.com/id/1030706
https://bugzilla.redhat.com/show_bug.cgi?id=1121876
https://exchange.xforce.ibmcloud.com/vulnerabilities/95211
https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 12:41:24	Multiple Updates
2021-05-04 12:33:16	Multiple Updates
2021-04-22 01:39:52	Multiple Updates
2020-05-23 00:41:25	Multiple Updates
2017-08-29 09:24:37	Multiple Updates
2017-01-07 09:25:38	Multiple Updates
2016-08-27 00:24:33	Multiple Updates
2016-04-27 00:58:51	Multiple Updates
2015-03-27 13:28:23	Multiple Updates
2015-03-19 13:28:07	Multiple Updates
2015-03-14 13:25:31	Multiple Updates
2015-03-12 09:23:29	Multiple Updates
2015-03-06 13:25:50	Multiple Updates
2015-02-27 13:24:23	Multiple Updates
2015-02-19 09:22:50	Multiple Updates
2015-01-03 13:25:57	Multiple Updates
2014-11-27 13:28:33	Multiple Updates
2014-11-19 13:25:13	Multiple Updates
2014-11-13 13:27:05	Multiple Updates
2014-11-05 13:27:57	Multiple Updates
2014-10-18 13:26:04	Multiple Updates
2014-10-17 13:26:35	Multiple Updates
2014-10-16 13:25:32	Multiple Updates
2014-10-11 13:26:24	Multiple Updates
2014-09-05 13:24:18	Multiple Updates
2014-08-15 00:23:24	Multiple Updates
2014-08-14 21:28:24	Multiple Updates
2014-08-14 17:21:53	First insertion

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	18
Sources(s)	18
Nessus® Exploit(s)	21

	Related
9	RHSA-2015:0439
8.5	USN-2310-1
8.5	RHSA-2014:1389
8.5	GLSA-201412-53
8.5	DSA-3000
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)

7.6 - CVE-2014-4343

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU