Debian Security Advisory
DLA-37-1 krb5 -- LTS security update
- Date Reported:
- 18 Aug 2014
- Affected Packages:
- krb5
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345.
- More information:
-
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2014-4341
An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when attempting to read beyond the end of a buffer.
- CVE-2014-4342
An unauthenticated remote attacker with the ability to inject packets into a legitimately established GSSAPI application session can cause a program crash due to invalid memory references when reading beyond the end of a buffer or by causing a null pointer dereference.
- CVE-2014-4343
An unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. A remote attacker could exploit this flaw to cause an application crash or potentially execute arbitrary code.
- CVE-2014-4344
An unauthenticated or partially authenticated remote attacker can cause a NULL dereference and application crash during a SPNEGO negotiation by sending an empty token as the second or later context token from initiator to acceptor.
- CVE-2014-4345
When kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow).
For Debian 6
Squeeze
, these issues have been fixed in krb5 version 1.8.3+dfsg-4squeeze8 - CVE-2014-4341