{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-03T00:00:00", "descriptions": [{"lang": "en", "value": "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2015-2347", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"}, {"name": "RHSA-2015:0794", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0794.html"}, {"name": "FEDORA-2015-2382", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"}, {"name": "DSA-3153", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3153"}, {"name": "openSUSE-SU-2015:0255", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"}, {"name": "RHSA-2015:0439", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"name": "SUSE-SU-2015:0290", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"}, {"name": "MDVSA-2015:069", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"}, {"name": "USN-2498-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2498-1"}, {"name": "SUSE-SU-2015:0257", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"}, {"name": "72495", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72495"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5352", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2015-2347", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"}, {"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"}, {"name": "RHSA-2015:0794", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0794.html"}, {"name": "FEDORA-2015-2382", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"}, {"name": "DSA-3153", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3153"}, {"name": "openSUSE-SU-2015:0255", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"}, {"name": "RHSA-2015:0439", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"name": "SUSE-SU-2015:0290", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"}, {"name": "MDVSA-2015:069", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"}, {"name": "USN-2498-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2498-1"}, {"name": "SUSE-SU-2015:0257", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"}, {"name": "72495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72495"}, {"name": "https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a", "refsource": "CONFIRM", "url": "https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a"}, {"name": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt", "refsource": "CONFIRM", "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:48.869Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-2347", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"}, {"name": "RHSA-2015:0794", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0794.html"}, {"name": "FEDORA-2015-2382", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"}, {"name": "DSA-3153", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3153"}, {"name": "openSUSE-SU-2015:0255", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"}, {"name": "RHSA-2015:0439", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"name": "SUSE-SU-2015:0290", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"}, {"name": "MDVSA-2015:069", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"}, {"name": "USN-2498-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2498-1"}, {"name": "SUSE-SU-2015:0257", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"}, {"name": "72495", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72495"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5352", "datePublished": "2015-02-19T11:00:00", "dateReserved": "2014-08-19T00:00:00", "dateUpdated": "2024-08-06T11:41:48.869Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "2D554BDC-CD7D-4572-B1E8-5F627F2C5916", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "65BCD38A-33AD-4FD7-AF5B-8470B24C4139", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "E11F9209-799A-428B-9513-DBD0F19C7BF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "1DA40FAA-B858-4282-8438-247E99FBB002", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "65795542-D886-46C4-8ECB-4630078DF66A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "D0A4C436-C3D7-469E-8895-8EEC9569EE86", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "79A9FAE9-7219-4D6A-9E94-FFE20223537D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EA68BC90-FCFC-4C9B-8574-9029DB2358E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D0A28CB-173D-4676-B083-E3718213B840", "vulnerable": true}, {"criteria": "cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*", "matchCriteriaId": "169D00BD-344F-453C-BE7C-9DF0740080BB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind."}, {"lang": "es", "value": "La funci\u00f3n krb5_gss_process_context_token en lib/gssapi/krb5/process_context_token.c en la librar\u00eda libgssapi_krb5 en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) hasta 1.11.5, 1.12.x hasta 1.12.2, y 1.13.x anterior a 1.13.1 no mantiene correctamente los manejos en el contexto de seguridad, lo que permite a usuarios remotos autenticados causar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n y doble liberaci\u00f3n, y ca\u00edda del demonio) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de trafico GSSAPI manipulado, tal y como fue demostrado por trafico a kadmind."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "id": "CVE-2014-5352", "lastModified": "2020-01-21T15:46:57.183", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-19T11:59:00.047", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-0794.html"}, {"source": "cve@mitre.org", "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"}, {"source": "cve@mitre.org", "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3153"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72495"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2498-1"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/krb5/krb5/commit/82dc33da50338ac84c7b4102dc6513d897d0506a"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.", "affected_release": [{"advisory": "RHSA-2015:0794", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "krb5-0:1.10.3-37.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-04-09T00:00:00Z"}, {"advisory": "RHSA-2015:0439", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "krb5-0:1.12.2-14.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-05T00:00:00Z"}], "bugzilla": {"description": "krb5: gss_process_context_token() incorrectly frees context (MITKRB5-SA-2015-001)", "id": "1179856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179856"}, "csaw": false, "cvss": {"cvss_base_score": "6.5", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-416", "details": ["The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.", "A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application."], "name": "CVE-2014-5352", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "krb5", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "jbossas", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Not affected", "package_name": "krb5", "product_name": "Red Hat JBoss Enterprise Web Server 2"}], "public_date": "2015-02-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-5352\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5352\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}