Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-4345

Disclosure Date: August 14, 2014
CVE-2014-4345
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of “cpw -keepold” commands.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2014-4345 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345)
BID-69168 (http://www.securityfocus.com/bid/69168)
Advisory
FEDORA-2014-9315 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html)
SECUNIA-61353 (http://secunia.com/advisories/61353)
XF-kerberos-cve20144345-bo(95212) (https://exchange.xforce.ibmcloud.com/vulnerabilities/95212)
https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
SECUNIA-59993 (http://secunia.com/advisories/59993)
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
http://linux.oracle.com/errata/ELSA-2014-1255.html
FEDORA-2014-9305 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
http://rhn.redhat.com/errata/RHSA-2015-0439.html
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
SECUNIA-61314 (http://secunia.com/advisories/61314)
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
SECTRACK-1030705 (http://www.securitytracker.com/id/1030705)
https://bugzilla.redhat.com/show_bug.cgi?id=1128157
SECUNIA-60535 (http://secunia.com/advisories/60535)
OSVDB-109908 (http://www.osvdb.org/109908)
DSA-3000 (http://www.debian.org/security/2014/dsa-3000)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
GLSA-201412-53 (http://security.gentoo.org/glsa/glsa-201412-53.xml)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
SECUNIA-59415 (http://secunia.com/advisories/59415)
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
http://rhn.redhat.com/errata/RHSA-2014-1255.html
SECUNIA-60776 (http://secunia.com/advisories/60776)
https://github.com/krb5/krb5/pull/181
http://advisories.mageia.org/MGASA-2014-0345.html
SECUNIA-59102 (http://secunia.com/advisories/59102)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis