QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2014-4345

Back to search

CVE-2014-4345

Published: Aug 14, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.

VendorProductVersions

n/a

n/a

affected
n/a

References

FEDORA-2014-9315
vendor-advisory
x_refsource_FEDORA
61353
third-party-advisory
x_refsource_SECUNIA
kerberos-cve20144345-bo(95212)
vdb-entry
x_refsource_XF
59993
third-party-advisory
x_refsource_SECUNIA
FEDORA-2014-9305
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2014:1043
vendor-advisory
x_refsource_SUSE
RHSA-2015:0439
vendor-advisory
x_refsource_REDHAT
61314
third-party-advisory
x_refsource_SECUNIA
SUSE-SU-2014:1028
vendor-advisory
x_refsource_SUSE
1030705
vdb-entry
x_refsource_SECTRACK
60535
third-party-advisory
x_refsource_SECUNIA
109908
vdb-entry
x_refsource_OSVDB
69168
vdb-entry
x_refsource_BID
DSA-3000
vendor-advisory
x_refsource_DEBIAN
MDVSA-2014:165
vendor-advisory
x_refsource_MANDRIVA
GLSA-201412-53
vendor-advisory
x_refsource_GENTOO
59415
third-party-advisory
x_refsource_SECUNIA
RHSA-2014:1255
vendor-advisory
x_refsource_REDHAT
60776
third-party-advisory
x_refsource_SECUNIA
59102
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now