Home > Vulnerability Database > CVE-2014-5354

Mend.io Vulnerability Database

CVE-2014-5354

Good to know:

Date: December 16, 2014

plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.

Language: C

Severity Score

3.1

Related Resources (7)

Url: http://www.securitytracker.com/id/1031376

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-5354

Url: http://www.ubuntu.com/usn/USN-2498-1

Url: https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16

Url: http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html

Url: http://www.securityfocus.com/bid/71680

Url: https://www.mend.io/vulnerability-database/CVE-2014-5354

Severity Score

3.1

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-5354

Good to know:

Date: December 16, 2014

Language: C

Severity Score

Related Resources (7)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?