CVE-2014-9422

Priority
Description
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind
in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and
1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/*
authorization check and obtain administrative access by leveraging access
to a two-component principal with an initial "kadmind" substring, as
demonstrated by a "ka/x" principal.
Assigned-to
mdeslaur
Notes
Package
Source: krb5
Upstream: released (1.12.1+dfsg-17)
Ubuntu 14.04 ESM (Trusty Tahr): released (1.12+dfsg-2ubuntu5.1)
Patches:
Upstream: https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8
Upstream: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support

Updated: 2020-09-10 03:13:28 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)