CVE-2014-9422

MIT Kerberos 5 <= 1.11.5, 1.12.x <= 1.12.2, 1.13.x < 1.13.1 - Authenticated Authorization Bypass via kadmind Principal

Title source: llm
STIX 2.1

Description

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.

References (14)

Core 14
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0794.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3153
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0439.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72494
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2498-1
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html

Scores

EPSS 0.0079
EPSS Percentile 74.2%

Details

CWE
CWE-284
Status published
Products (10)
mit/kerberos_5 1.11
mit/kerberos_5 1.11.1
mit/kerberos_5 1.11.2
mit/kerberos_5 1.11.3
mit/kerberos_5 1.11.4
mit/kerberos_5 1.11.5
mit/kerberos_5 1.12
mit/kerberos_5 1.12.1
mit/kerberos_5 1.12.2
mit/kerberos_5 1.13
Published Feb 19, 2015
Tracked Since Feb 18, 2026