Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-5351HistoryOct 10, 2014 - 1:55 a.m.
CVE-2014-5351
2014-10-1001:55:11
Debian Security Bug Tracker
security-tracker.debian.org
15
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
EPSS
0.003
Percentile
68.1%
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | krb5 | < 1.12.1+dfsg-10 | krb5_1.12.1+dfsg-10_all.deb |
| Debian | 11 | all | krb5 | < 1.12.1+dfsg-10 | krb5_1.12.1+dfsg-10_all.deb |
| Debian | 999 | all | krb5 | < 1.12.1+dfsg-10 | krb5_1.12.1+dfsg-10_all.deb |
| Debian | 13 | all | krb5 | < 1.12.1+dfsg-10 | krb5_1.12.1+dfsg-10_all.deb |
Related
securityvulns
securityvulns
MIT krb5 privilege escalation
2014-11-24 00:00:00
[ MDVSA-2014:224 ] krb5
2014-11-24 00:00:00
aix
aix
AIX NAS vulnerability
2015-01-20 04:42:45
mageia
mageia
Updated krb5 packages fix security vulnerability
2014-11-21 15:44:16
prion
prion
Cross site request forgery (csrf)
2014-10-10 01:55:00
cvelist
cvelist
CVE-2014-5351
2014-10-10 01:00:00
ubuntucve
ubuntucve
CVE-2014-5351
2014-10-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0477)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1410-1)
2021-06-09 00:00:00
Gentoo Security Advisory GLSA 201412-53
2015-09-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package krb5 version 1.13-alt1
2014-10-31 00:00:00
Security fix for the ALT Linux 8 package krb5 version 1.13-alt1
2014-10-31 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.13-alt1
2014-10-31 00:00:00
nessus
nessus
AIX NAS Advisory : nas_advisory2.asc
2015-01-27 00:00:00
Fedora 21 : krb5-1.12.2-9.fc21 (2014-11940)
2014-10-09 00:00:00
SuSE 11.3 Security Update : krb5 (SAT Patch Number 9827)
2014-11-13 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: krb5-1.12.2-9.fc21
2014-10-08 19:01:55
[SECURITY] Fedora 20 Update: krb5-1.11.5-18.fc20
2015-03-09 08:18:34
nvd
nvd
CVE-2014-5351
2014-10-10 01:55:11
cve
cve
CVE-2014-5351
2014-10-10 01:55:11
gentoo
gentoo
MIT Kerberos 5: User-assisted execution of arbitrary code
2014-12-31 00:00:00
suse
suse
Security update for krb5 (important)
2015-02-16 14:05:49
Security update for krb5 (important)
2015-02-16 15:04:57
osv
osv
krb5 - security update
2018-01-31 00:00:00
debian
debian
[SECURITY] [DLA 1265-1] krb5 security update
2018-01-31 17:06:34
ubuntu
ubuntu
Kerberos vulnerabilities
2015-02-10 00:00:00
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N
EPSS
0.003
Percentile
68.1%
Related for DEBIANCVE:CVE-2014-5351