Lucene search

K

Gentoo FoundationMGASA-2015-0066

HistoryFeb 15, 2015 - 6:57 p.m.

Updated krb5 packages fix security vulnerabilities

2015-02-1518:57:20

Gentoo Foundation

advisories.mageia.org

13

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS

0.018

Percentile

88.2%

Updated krb5 packages fix security vulnerabilities: Incorrect memory management in the libgssapi_krb5 library might result in denial of service or the execution of arbitrary code (CVE-2014-5352). Incorrect memory management in kadmind’s processing of XDR data might result in denial of service or the execution of arbitrary code (CVE-2014-9421). Incorrect processing of two-component server principals might result in impersonation attacks (CVE-2014-9422). An information leak in the libgssrpc library (CVE-2014-9423).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchkrb5< 1.11.4-1.4krb5-1.11.4-1.4.mga4

References

web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt

bugs.mageia.org/show_bug.cgi?id=15202

www.debian.org/security/2015/dsa-3153

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS

0.018

Percentile

88.2%

Related for MGASA-2015-0066

openvas20 securityvulns2 nessus25 osv2 altlinux3 freebsd3 debian2 ibm9 suse3 aix1 archlinux1 fedora3 f56 ubuntu1 redhat2 amazon1 centos2 veracode4 oraclelinux2 ubuntucve4 debiancve4 cvelist4 prion4 cve4 nvd4 attackerkb1