Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2014-5353

Disclosure Date: December 16, 2014 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

canonical,
debian,
fedoraproject,
mit,
opensuse,
oracle,
redhat

Products

debian linux 7.0,
enterprise linux desktop 6.0,
enterprise linux eus 6.6,
enterprise linux eus 7.3,
enterprise linux eus 7.4,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server aus 6.6,
enterprise linux server aus 7.3,
enterprise linux server aus 7.4,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server tus 6.6,
enterprise linux server tus 7.3,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 6.0,
fedora 22,
kerberos 5,
opensuse 13.1,
opensuse 13.2,
solaris 10,
solaris 11.2,
ubuntu linux 10.04,
ubuntu linux 12.04,
ubuntu linux 14.04,
ubuntu linux 14.10

References

Canonical

CVE-2014-5353 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353)

BID-71679 (http://www.securityfocus.com/bid/71679)

Advisory

http://rhn.redhat.com/errata/RHSA-2015-0794.html

[debian-lts-announce] 20180131 [SECURITY] [DLA 1265-1] krb5 security update (https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226

FEDORA-2015-5949 (http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html)

http://www.mandriva.com/security/advisories?name=MDVSA-2015:009

http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html

SECTRACK-1031376 (http://www.securitytracker.com/id/1031376)

http://rhn.redhat.com/errata/RHSA-2015-0439.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3

USN-2498-1 (http://www.ubuntu.com/usn/USN-2498-1)

http://advisories.mageia.org/MGASA-2014-0536.html

Rapid7

Technical Analysis