1. Home
  2. CVE Database
  3. CVE-2014-9422
MEDIUM · 6.1

CVE-2014-9422

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users...

Vulnerability Description

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.

CVSS Score

6.1

MEDIUM

AV:N/AC:H/Au:S/C:P/I:P/A:C
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
COMPLETE

Affected Products

VendorProductVersions
MitKerberos 51.11

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2014-9422?

CVE-2014-9422 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users...

How severe is CVE-2014-9422?

CVE-2014-9422 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-9422?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5.