{"id":"USN-2498-1","summary":"krb5 vulnerabilities","details":"It was discovered that Kerberos incorrectly sent old keys in response to a\n-randkey -keepold request. An authenticated remote attacker could use this\nissue to forge tickets by leveraging administrative access. This issue\nonly affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.\n(CVE-2014-5351)\n\nIt was discovered that the libgssapi_krb5 library incorrectly processed\nsecurity context handles. A remote attacker could use this issue to cause\na denial of service, or possibly execute arbitrary code. (CVE-2014-5352)\n\nPatrik Kis discovered that Kerberos incorrectly handled LDAP queries with\nno results. An authenticated remote attacker could use this issue to cause\nthe KDC to crash, resulting in a denial of service. (CVE-2014-5353)\n\nIt was discovered that Kerberos incorrectly handled creating database\nentries for a keyless principal when using LDAP. An authenticated remote\nattacker could use this issue to cause the KDC to crash, resulting in a\ndenial of service. (CVE-2014-5354)\n\nIt was discovered that Kerberos incorrectly handled memory when processing\nXDR data. A remote attacker could use this issue to cause kadmind to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2014-9421)\n\nIt was discovered that Kerberos incorrectly handled two-component server\nprincipals. A remote attacker could use this issue to perform impersonation\nattacks. (CVE-2014-9422)\n\nIt was discovered that the libgssrpc library leaked uninitialized bytes. A\nremote attacker could use this issue to possibly obtain sensitive\ninformation. (CVE-2014-9423)\n","modified":"2026-02-10T04:40:52Z","published":"2015-02-10T20:04:14Z","related":["UBUNTU-CVE-2014-5351","UBUNTU-CVE-2014-5352","UBUNTU-CVE-2014-5353","UBUNTU-CVE-2014-5354","UBUNTU-CVE-2014-9421","UBUNTU-CVE-2014-9422","UBUNTU-CVE-2014-9423"],"upstream":["CVE-2014-5351","CVE-2014-5352","CVE-2014-5353","CVE-2014-5354","CVE-2014-9421","CVE-2014-9422","CVE-2014-9423","UBUNTU-CVE-2014-5351","UBUNTU-CVE-2014-5352","UBUNTU-CVE-2014-5353","UBUNTU-CVE-2014-5354","UBUNTU-CVE-2014-9421","UBUNTU-CVE-2014-9422","UBUNTU-CVE-2014-9423"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2498-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-5351"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-5352"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-5353"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-5354"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9421"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9422"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-9423"}],"affected":[{"package":{"name":"krb5","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/krb5@1.12+dfsg-2ubuntu5.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12+dfsg-2ubuntu5.1"}]}],"versions":["1.10.1+dfsg-6.1ubuntu1","1.11.3+dfsg-3ubuntu2","1.12+dfsg-2ubuntu1","1.12+dfsg-2ubuntu2","1.12+dfsg-2ubuntu3","1.12+dfsg-2ubuntu4","1.12+dfsg-2ubuntu4.2","1.12+dfsg-2ubuntu5"],"ecosystem_specific":{"binaries":[{"binary_name":"krb5-admin-server","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"krb5-gss-samples","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"krb5-kdc","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"krb5-kdc-ldap","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"krb5-locales","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"krb5-multidev","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"krb5-otp","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"krb5-pkinit","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"krb5-user","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libgssapi-krb5-2","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libgssrpc4","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libk5crypto3","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkadm5clnt-mit9","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkadm5srv-mit8","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkadm5srv-mit9","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkdb5-7","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkrad-dev","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkrad0","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkrb5-3","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkrb5-dev","binary_version":"1.12+dfsg-2ubuntu5.1"},{"binary_name":"libkrb5support0","binary_version":"1.12+dfsg-2ubuntu5.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2014-5351","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-5352","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-5353","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-5354","severity":[{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2014-9421","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-9422","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2014-9423","severity":[{"type":"Ubuntu","score":"low"}]}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2498-1.json"}}],"schema_version":"1.7.3"}