CVE-2014-9422

Published: 03 February 2015

The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
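To illustrate the comparison mistake behind this advisory, the following is an added example, not krb5's own code: a simplified model of a kadmin/* check that compares only as many bytes as the client-supplied component is long, so a principal such as "ka/x" passes, beside an exact-match version that rejects it. The component struct, the split_principal helper and the probe names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for one component of a "primary/instance" principal (constructed
 * for this example, not krb5's krb5_data). Like the real type, the data is
 * not guaranteed to be NUL-terminated, so length must always be honoured. */
typedef struct { const char *data; size_t length; } component_t;

/* Split "primary/instance" into exactly two components; 0 if malformed. */
static int split_principal(const char *princ, component_t out[2])
{
    const char *slash = strchr(princ, '/');
    if (slash == NULL || strchr(slash + 1, '/') != NULL)
        return 0;                              /* need exactly two parts */
    out[0].data = princ;      out[0].length = (size_t)(slash - princ);
    out[1].data = slash + 1;  out[1].length = strlen(slash + 1);
    return 1;
}

/* Vulnerable pattern: the comparison is bounded by the *component's* length,
 * so any first component that is a prefix of "kadmin" ("ka", "k", even the
 * empty string) compares equal and the principal is treated as kadmin/... */
int authorized_vulnerable(const char *princ)
{
    component_t c[2];
    if (!split_principal(princ, c))
        return 0;
    return strncmp(c[0].data, "kadmin", c[0].length) == 0;
}

/* Hardened check: the component must be exactly as long as "kadmin" and
 * match byte for byte; proper prefixes and longer names are rejected. */
int authorized_fixed(const char *princ)
{
    component_t c[2];
    const size_t want = strlen("kadmin");
    if (!split_principal(princ, c))
        return 0;
    return c[0].length == want && memcmp(c[0].data, "kadmin", want) == 0;
}

int main(void)
{
    /* Constructed probe principals, including the "ka/x" case from the CVE. */
    const char *probes[] = { "kadmin/admin", "ka/x", "k/x", "/x", "kadmind/x", "user/x" };
    for (size_t i = 0; i < sizeof probes / sizeof *probes; i++)
        printf("%-13s vulnerable=%d fixed=%d\n", probes[i],
               authorized_vulnerable(probes[i]), authorized_fixed(probes[i]));
    return 0;
}
```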

Priority

Medium

Status

Package: krb5 (Launchpad, Ubuntu, Debian)

Release status:
  Upstream: Released (1.12.1+dfsg-17)
  Ubuntu 14.04 ESM (Trusty Tahr): Released (1.12+dfsg-2ubuntu5.1)
Patches:
Upstream: https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8
Upstream: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
Binaries built from this source package are in Universe and so are supported by the community.