
Debian: DSA-3000-1 Critical: krb5 Buffer Overflow Attack Risk

August 9, 2014
Debian DSA-3000-1 provides updated krb5 packages that address several vulnerabilities.
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos.

Summary

CVE-2014-4341

An unauthenticated remote attacker with the ability to inject
packets into a legitimately established GSSAPI application session
can cause a program crash due to invalid memory references when
attempting to read beyond the end of a buffer.

CVE-2014-4342

An unauthenticated remote attacker with the ability to inject
packets into a legitimately established GSSAPI application session
can cause a program crash due to invalid memory references when
reading beyond the end of a buffer or by causing a null pointer
dereference.

CVE-2014-4343

An unauthenticated remote attacker with the ability to spoof packets
appearing to be from a GSSAPI acceptor can cause a double-free
condition in GSSAPI initiators (clients) which are using the SPNEGO
mechanism, by returning a different underlying mechanism than was
proposed by the initiator. A remote attacker could exploit this flaw
to cause an application crash or potentially execute arbitrary code.
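The defensive check implied by CVE-2014-4343 is that an SPNEGO initiator must only accept a mechanism it actually offered before acting on the acceptor's reply. The following is an added, constructed illustration of that check, not code from MIT krb5; the `spnego_init_state` and `mech_oid` types and the sample OID byte strings are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed, simplified model of an SPNEGO initiator's negotiation state.
 * Mechanism OIDs are represented as DER-encoded OID value bytes. */
typedef struct {
    const unsigned char *elems;
    size_t length;
} mech_oid;

#define SPNEGO_MAX_MECHS 8

typedef struct {
    mech_oid proposed[SPNEGO_MAX_MECHS]; /* mechs offered in NegTokenInit */
    size_t n_proposed;
    const mech_oid *selected;            /* set only after a valid NegTokenResp */
} spnego_init_state;

static int oid_equal(const mech_oid *a, const mech_oid *b) {
    return a->length == b->length && memcmp(a->elems, b->elems, a->length) == 0;
}

/* Validate the mechanism the acceptor claims to have chosen. Returns 1 and
 * records the choice only if the initiator offered it; returns 0 otherwise, so
 * the caller aborts the negotiation rather than reusing or freeing a mechanism
 * context it never set up (the condition described for CVE-2014-4343). */
int spnego_accept_selected_mech(spnego_init_state *st, const mech_oid *from_acceptor) {
    for (size_t i = 0; i < st->n_proposed; i++) {
        if (oid_equal(&st->proposed[i], from_acceptor)) {
            st->selected = &st->proposed[i];
            return 1;
        }
    }
    st->selected = NULL;
    return 0;
}

/* Constructed sample OIDs: Kerberos V5 (1.2.840.113554.1.2.2) and NTLMSSP (1.3.6.1.4.1.311.2.2.10). */
static const unsigned char KRB5_OID[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};
static const unsigned char NTLM_OID[] = {0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x02,0x0a};

/* An initiator that offered only Kerberos must reject an NTLM answer (returns 1 on correct rejection). */
int demo_reject_unoffered_mech(void) {
    spnego_init_state st = {0};
    st.proposed[0].elems = KRB5_OID; st.proposed[0].length = sizeof KRB5_OID; st.n_proposed = 1;
    mech_oid reply = { NTLM_OID, sizeof NTLM_OID };
    return spnego_accept_selected_mech(&st, &reply) == 0 && st.selected == NULL;
}

/* The same initiator accepts a Kerberos answer (returns 1 on correct acceptance). */
int demo_accept_offered_mech(void) {
    spnego_init_state st = {0};
    st.proposed[0].elems = KRB5_OID; st.proposed[0].length = sizeof KRB5_OID; st.n_proposed = 1;
    mech_oid reply = { KRB5_OID, sizeof KRB5_OID };
    return spnego_accept_selected_mech(&st, &reply) == 1 && st.selected == &st.proposed[0];
}
```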

...


Severity
critical

Package: krb5
CVE ID: CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344
