Back to search
CVE-2014-4344
Published: Aug 14, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/krb5/krb5/commit/a7886f0ed1277c69142b14a2c6629175a6331edc
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1121877
x_refsource_CONFIRM
https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
x_refsource_CONFIRM
kerberos-cve20144344-dos(95210)
vdb-entry
x_refsource_XF
http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
x_refsource_CONFIRM
RHSA-2015:0439
vendor-advisory
x_refsource_REDHAT
60448
third-party-advisory
x_refsource_SECUNIA
http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15561.html
x_refsource_CONFIRM
FEDORA-2014-8189
vendor-advisory
x_refsource_FEDORA
61051
third-party-advisory
x_refsource_SECUNIA
DSA-3000
vendor-advisory
x_refsource_DEBIAN
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7970
x_refsource_CONFIRM
MDVSA-2014:165
vendor-advisory
x_refsource_MANDRIVA
69160
vdb-entry
x_refsource_BID
109389
vdb-entry
x_refsource_OSVDB
1030706
vdb-entry
x_refsource_SECTRACK
60082
third-party-advisory
x_refsource_SECUNIA
http://advisories.mageia.org/MGASA-2014-0345.html
x_refsource_CONFIRM
59102
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now