CVE-2014-4341 — MEDIUM (5.0)

Q: What is CVE-2014-4341?

CVE-2014-4341 is a vulnerability with a CVSS score of 5.0 (MEDIUM). MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

Q: How severe is CVE-2014-4341?

CVE-2014-4341 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-4341?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.

Vulnerability Description

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mit	Kerberos 5	< 1.12.2
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	7.3
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.3
Redhat	Enterprise Linux Server Eus	7.3
Redhat	Enterprise Linux Tus	7.3
Redhat	Enterprise Linux Workstation	7.0
Debian	Debian Linux	7.0
Fedoraproject	Fedora	20

Related Weaknesses (CWE)

CWE-125

References

http://advisories.mageia.org/MGASA-2014-0345.htmlThird Party Advisory
http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.ascThird Party Advisory
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.htmThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0439.htmlThird Party Advisory
http://secunia.com/advisories/59102Third Party Advisory
http://secunia.com/advisories/60082Third Party Advisory
http://secunia.com/advisories/60448Third Party Advisory
http://security.gentoo.org/glsa/glsa-201412-53.xmlThird Party Advisory
http://www.debian.org/security/2014/dsa-3000Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:165Third Party Advisory
http://www.securityfocus.com/bid/68909Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1030706Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/94904Third Party AdvisoryVDB Entry
https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73PatchThird Party Advisory

FAQ

What is CVE-2014-4341?

CVE-2014-4341 is a vulnerability with a CVSS score of 5.0 (MEDIUM). MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

How severe is CVE-2014-4341?

CVE-2014-4341 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4341?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus.