Vulnerability DatabaseCVE-2014-4345
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-4345
August 14, 2014
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
Related Resources (31)
http://secunia.com/advisories/59993
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
http://secunia.com/advisories/61314
http://linux.oracle.com/errata/ELSA-2014-1255.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://secunia.com/advisories/61353
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://secunia.com/advisories/60776
http://rhn.redhat.com/errata/RHSA-2014-1255.html
https://github.com/krb5/krb5/pull/181
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
http://secunia.com/advisories/59415
https://access.redhat.com/security/cve/CVE-2014-4345
http://advisories.mageia.org/MGASA-2014-0345.html
http://rhn.redhat.com/errata/RHSA-2015-0439.html
http://www.securitytracker.com/id/1030705
http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
http://www.osvdb.org/109908
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
http://www.debian.org/security/2014/dsa-3000
http://security.gentoo.org/glsa/glsa-201412-53.xml
http://www.securityfocus.com/bid/69168
http://secunia.com/advisories/60535
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
http://secunia.com/advisories/59102
https://bugzilla.redhat.com/show_bug.cgi?id=1128157
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
8.5
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
EPSS
Base Score:
11.30