Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2014-5353
HistoryDec 16, 2014 - 11:59 p.m.

CVE-2014-5353

2014-12-1623:59:00
CWE-476
[email protected]
web.nvd.nist.gov
5

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

6.2

Confidence

High

EPSS

0.008

Percentile

82.3%

JSON

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

Affected configurations

Nvd
Node
mitkerberos_5Range<1.13.1
Node
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_eusMatch6.6
OR
redhatenterprise_linux_eusMatch7.3
OR
redhatenterprise_linux_eusMatch7.4
OR
redhatenterprise_linux_eusMatch7.5
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch6.6
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch6.6
OR
redhatenterprise_linux_server_tusMatch7.3
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch6.0
Node
fedoraprojectfedoraMatch22
Node
debiandebian_linuxMatch7.0
Node
canonicalubuntu_linuxMatch10.04-
OR
canonicalubuntu_linuxMatch12.04-
OR
canonicalubuntu_linuxMatch14.04esm
OR
canonicalubuntu_linuxMatch14.10
Node
oraclesolarisMatch10
OR
oraclesolarisMatch11.2
Node
opensuseopensuseMatch13.1
OR
opensuseopensuseMatch13.2

Related

nessus 23
openvas 15
securityvulns 2
cvelist 1
veracode 2
ubuntucve 1
debiancve 1
prion 1
mageia 1
fedora 4
cve 1
altlinux 3
freebsd 3
amazon 1
centos 2
oraclelinux 2
redhat 2
ibm 5
archlinux 1
osv 1
debian 1
ubuntu 1
nessus
nessus
Mandriva Linux Security Advisory : krb5 (MDVSA-2015:009)
2015-01-09 00:00:00
Fedora 22 : krb5-1.13.1-2.fc22 (2015-5949)
2015-04-23 00:00:00
FreeBSD : krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092 (3a888a1e-b321-11e4-83b2-206a8a720317)
2015-02-13 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0536)
2022-01-28 00:00:00
Fedora Update for krb5 FEDORA-2015-5949
2015-07-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1282-1)
2021-06-09 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:009 ] krb5
2015-01-13 00:00:00
MIT Kerberos 5 DoS
2015-01-13 00:00:00
cvelist
cvelist
CVE-2014-5353
2014-12-16 23:00:00
veracode
veracode
Denial Of Service (DoS)
2018-08-13 03:20:21
Arbitrary Code Execution
2019-05-02 05:13:02
ubuntucve
ubuntucve
CVE-2014-5353
2014-12-16 00:00:00
debiancve
debiancve
CVE-2014-5353
2014-12-16 23:59:00
prion
prion
Design/Logic Flaw
2014-12-16 23:59:00
mageia
mageia
Updated krb5 packages fix CVE-2014-5353
2014-12-19 18:06:35
fedora
fedora
[SECURITY] Fedora 22 Update: krb5-1.13.1-2.fc22
2015-04-22 22:50:11
[SECURITY] Fedora 21 Update: krb5-1.12.2-14.fc21
2015-03-12 16:33:54
[SECURITY] Fedora 21 Update: krb5-1.12.2-17.fc21
2015-06-21 00:28:50
cve
cve
CVE-2014-5353
2014-12-16 23:59:00
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.13-alt2
2014-12-23 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13-alt2
2014-12-23 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.13-alt2
2014-12-23 00:00:00
freebsd
freebsd
krb5 -- Vulnerabilities in kadmind, libgssrpc, gss_process_context_token VU#540092
2015-02-12 00:00:00
krb5 1.12 -- New release/fix multiple vulnerabilities
2015-02-20 00:00:00
krb5 1.11 -- New release/fix multiple vulnerabilities
2015-02-25 00:00:00
amazon
amazon
Medium: krb5
2015-05-05 15:44:00
centos
centos
krb5 security update
2015-04-09 11:47:52
krb5 security update
2015-03-17 13:28:30
oraclelinux
oraclelinux
krb5 security update
2015-04-09 00:00:00
krb5 security, bug fix and enhancement update
2015-03-11 00:00:00
redhat
redhat
(RHSA-2015:0794) Moderate: krb5 security update
2015-04-09 00:00:00
(RHSA-2015:0439) Moderate: krb5 security, bug fix and enhancement update
2015-03-05 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Kerberos (krb5) affect IBM Security Network Protection (CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, and CVE-2014-9422)
2018-06-16 21:25:59
Security Bulletin: Multiple vulnerabilities in unzip, krb5, tomcat, affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:30:13
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by multiple vulnerabilities in GNU C Library (glibc), krb5 and php
2020-11-02 20:22:51
archlinux
archlinux
krb5: multiple issues
2015-02-17 00:00:00
osv
osv
krb5 - security update
2018-01-31 00:00:00
debian
debian
[SECURITY] [DLA 1265-1] krb5 security update
2018-01-31 17:06:34
ubuntu
ubuntu
Kerberos vulnerabilities
2015-02-10 00:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

6.2

Confidence

High

EPSS

0.008

Percentile

82.3%

JSON
Related for NVD:CVE-2014-5353
nessus23openvas15securityvulns2cvelist1veracode2ubuntucve1debiancve1prion1mageia1fedora4cve1altlinux3freebsd3amazon1centos2oraclelinux2redhat2ibm5archlinux1osv1debian1ubuntu1