PublicDateAtUSN: 2014-07-21
Candidate: CVE-2014-4344
PublicDate: 2014-08-14 05:01:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344
 https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
 https://ubuntu.com/security/notices/USN-2310-1
Description:
 The acc_ctx_cont function in the SPNEGO acceptor in
 lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through
 1.12.x before 1.12.2 allows remote attackers to cause a denial of service
 (NULL pointer dereference and application crash) via an empty continuation
 token at a certain point during a SPNEGO negotiation.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_krb5:
 upstream: https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
upstream_krb5: released (1.12.1+dfsg-5)
lucid_krb5: released (1.8.1+dfsg-2ubuntu0.13)
precise_krb5: released (1.10+dfsg~beta1-2ubuntu0.5)
saucy_krb5: ignored (reached end-of-life)
trusty_krb5: released (1.12+dfsg-2ubuntu4.2)
trusty/esm_krb5: released (1.12+dfsg-2ubuntu4.2)
devel_krb5: not-affected (1.12.1+dfsg-6)