CVE-2014-5351

Publication date 9 October 2014

Last updated 24 July 2024


Ubuntu priority

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.

Status

Package Ubuntu Release Status
krb5 14.10 utopic
Not affected
14.04 LTS trusty
Fixed 1.12+dfsg-2ubuntu5.1
12.04 LTS precise
Fixed 1.10+dfsg~beta1-2ubuntu0.6
10.04 LTS lucid
Fixed 1.8.1+dfsg-2ubuntu0.14

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
krb5

References

Related Ubuntu Security Notices (USN)

    • USN-2498-1
    • Kerberos vulnerabilities
    • 10 February 2015

Other references