CVE-2014-9422
Published: 3 February 2015
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
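The defect described above is a length-limited prefix comparison: the first component of a two-component principal is compared against "kadmin" using only the component's own length, so a shorter name such as "ka" satisfies the check. The following C program is an added, simplified illustration of that comparison pattern beside its hardened form; it is not krb5's own code, does not link libkrb5, and its types and function names (component, split_principal, is_kadmin_service_*) are assumptions made for the demo.

```c
/* Added illustration of the CVE-2014-9422 bug class (constructed example, not
 * krb5 source): comparing a counted principal component against "kadmin" with
 * strncmp bounded by the *input's* length accepts any prefix of "kadmin". */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for a counted (not NUL-terminated) principal component. */
typedef struct { const char *data; size_t length; } component;

/* Split "svc/inst@REALM" (realm ignored) into two components; returns the
 * component count, or 0 if the name is not of that shape. Demo helper only. */
static int split_principal(const char *name, component out[2]) {
    const char *slash = strchr(name, '/');
    const char *at = strchr(name, '@');
    const char *end = at ? at : name + strlen(name);
    if (!slash || slash > end) return 0;
    out[0].data = name;      out[0].length = (size_t)(slash - name);
    out[1].data = slash + 1; out[1].length = (size_t)(end - slash - 1);
    return 2;
}

/* Vulnerable pattern: the comparison length comes from the input component,
 * so "ka", "k" and even an empty first component compare equal to "kadmin". */
bool is_kadmin_service_vulnerable(const char *princ) {
    component c[2];
    if (split_principal(princ, c) != 2) return false;
    return strncmp(c[0].data, "kadmin", c[0].length) == 0;
}

/* Hardened pattern: require an exact length match before comparing bytes,
 * so only a first component that is exactly "kadmin" passes. */
bool is_kadmin_service_fixed(const char *princ) {
    component c[2];
    if (split_principal(princ, c) != 2) return false;
    return c[0].length == strlen("kadmin") &&
           memcmp(c[0].data, "kadmin", c[0].length) == 0;
}

int main(void) {
    /* Constructed sample names: a genuine kadmin principal and the "ka/x"
     * shape named in the CVE text. */
    const char *names[] = { "kadmin/admin@EXAMPLE.COM", "ka/x@EXAMPLE.COM" };
    for (size_t i = 0; i < 2; i++)
        printf("%-26s vulnerable=%d fixed=%d\n", names[i],
               is_kadmin_service_vulnerable(names[i]),
               is_kadmin_service_fixed(names[i]));
    return 0;
}
```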
Priority
Status
Package | Release | Status
---|---|---
krb5 (Launchpad, Ubuntu, Debian) | upstream | Released (1.12.1+dfsg-17)
 | lucid | Released (1.8.1+dfsg-2ubuntu0.14)
 | precise | Released (1.10+dfsg~beta1-2ubuntu0.6)
 | trusty | Released (1.12+dfsg-2ubuntu5.1)
 | utopic | Released (1.12.1+dfsg-10ubuntu0.1)

Patches:
- upstream: https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8
- upstream: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt

Binaries built from this source package are in Universe and so are supported by the community.