Bugzilla – Bug 891082
VUL-0: CVE-2014-4345: krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
Last modified: 2014-09-01 15:35:06 UTC
MIT krb5 Security Advisory 2014-001 Topic: Buffer overrun in kadmind with LDAP backend CVE: CVE-2014-4345 SUMMARY ======= In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow). This is not a protocol vulnerability. Using LDAP for the KDC database is a non-default configuration for the KDC. IMPACT ====== Historically, it has been possible to convert an out-of-bounds write into remote code execution in some cases, though the necessary exploits must be tailored to the individual application and are usually quite complicated. Depending on the allocated length of the array, an out-of-bounds write may also cause a segmentation fault and/or application crash. AFFECTED SOFTWARE ================= * The kadmind daemon from MIT krb5 releases 1.6 to 1.12.2, when configured to use the LDAP backend for the KDB, is vulnerable. Releases of MIT krb5 prior to 1.6 did not provide the ability to use LDAP for the KDB backend. See full details and patches at the mit.edu website. References: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt https://bugzilla.redhat.com/show_bug.cgi?id=1128157 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4345 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (891082) was mentioned in https://build.opensuse.org/request/show/244208 13.1+12.3 / krb5+krb5-mini+krb5-doc
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-08-19. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58552
Affected packages: SLE-10-SP3-TERADATA: krb5 SLE-11-SP1: krb5 SLE-11-SP3: krb5
SUSE-SU-2014:1028-1: An update that fixes one vulnerability is now available. Category: security (important) Bug References: 891082 CVE References: CVE-2014-4345 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): krb5-1.6.3-133.49.62.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): krb5-1.6.3-133.49.62.1, krb5-doc-1.6.3-133.49.62.1, krb5-plugins-1.6.3-133.49.62.1 SUSE Linux Enterprise Server 11 SP3 (src): krb5-1.6.3-133.49.62.1, krb5-doc-1.6.3-133.49.62.1, krb5-plugins-1.6.3-133.49.62.1 SUSE Linux Enterprise Desktop 11 SP3 (src): krb5-1.6.3-133.49.62.1
openSUSE-SU-2014:1043-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 891082 CVE References: CVE-2014-4345 Sources used: openSUSE 13.1 (src): krb5-1.11.3-3.12.1, krb5-mini-1.11.3-3.12.1 openSUSE 12.3 (src): krb5-1.10.2-10.30.1, krb5-doc-1.10.2-10.30.2, krb5-mini-1.10.2-10.30.1
was released