CVE-2014-5352

Priority
Description
The krb5_gss_process_context_token function in
lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in
MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x
before 1.13.1 does not properly maintain security-context handles, which
allows remote authenticated users to cause a denial of service
(use-after-free and double free, and daemon crash) or possibly execute
arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to
kadmind.
Assigned-to
mdeslaur
Notes
Package
Source: krb5 (LP Ubuntu Debian)
Upstream: released (1.12.1+dfsg-17)
Ubuntu 14.04 ESM (Trusty Tahr): released (1.12+dfsg-2ubuntu5.1)
Patches:
Upstream: https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a
Upstream: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
Vendor: https://www.debian.org/security/2015/dsa-3153
More Information

Updated: 2020-09-10 03:08:25 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)