{"id":"USN-2310-1","summary":"krb5 vulnerabilities","details":"It was discovered that Kerberos incorrectly handled certain crafted Draft 9\nrequests. A remote attacker could use this issue to cause the daemon to\ncrash, resulting in a denial of service. This issue only affected Ubuntu\n12.04 LTS. (CVE-2012-1016)\n\nIt was discovered that Kerberos incorrectly handled certain malformed\nKRB5_PADATA_PK_AS_REQ AS-REQ requests. A remote attacker could use this\nissue to cause the daemon to crash, resulting in a denial of service. This\nissue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1415)\n\nIt was discovered that Kerberos incorrectly handled certain crafted TGS-REQ\nrequests. A remote authenticated attacker could use this issue to cause the\ndaemon to crash, resulting in a denial of service. This issue only affected\nUbuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-1416)\n\nIt was discovered that Kerberos incorrectly handled certain crafted\nrequests when multiple realms were configured. A remote attacker could use\nthis issue to cause the daemon to crash, resulting in a denial of service.\nThis issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.\n(CVE-2013-1418, CVE-2013-6800)\n\nIt was discovered that Kerberos incorrectly handled certain invalid tokens.\nIf a remote attacker were able to perform a machine-in-the-middle attack, this\nflaw could be used to cause the daemon to crash, resulting in a denial of\nservice. (CVE-2014-4341, CVE-2014-4342)\n\nIt was discovered that Kerberos incorrectly handled certain mechanisms when\nused with SPNEGO. If a remote attacker were able to perform a\nmachine-in-the-middle attack, this flaw could be used to cause clients to\ncrash, resulting in a denial of service. (CVE-2014-4343)\n\nIt was discovered that Kerberos incorrectly handled certain continuation\ntokens during SPNEGO negotiations. A remote attacker could use this issue\nto cause the daemon to crash, resulting in a denial of service.\n(CVE-2014-4344)\n\nTomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon\nincorrectly handled buffers when used with the LDAP backend. A remote\nattacker could use this issue to cause the daemon to crash, resulting in a\ndenial of service, or possibly execute arbitrary code. (CVE-2014-4345)\n","modified":"2026-02-10T04:40:49Z","published":"2014-08-11T13:20:42Z","related":["UBUNTU-CVE-2014-4341","UBUNTU-CVE-2014-4342","UBUNTU-CVE-2014-4343","UBUNTU-CVE-2014-4344","UBUNTU-CVE-2014-4345"],"upstream":["CVE-2012-1016","CVE-2013-1416","CVE-2013-1418","CVE-2013-6800","CVE-2014-4341","CVE-2014-4342","CVE-2014-4343","CVE-2014-4344","CVE-2014-4345","UBUNTU-CVE-2012-1016","UBUNTU-CVE-2013-1415","UBUNTU-CVE-2013-1416","UBUNTU-CVE-2013-1418","UBUNTU-CVE-2013-6800","UBUNTU-CVE-2014-4341","UBUNTU-CVE-2014-4342","UBUNTU-CVE-2014-4343","UBUNTU-CVE-2014-4344","UBUNTU-CVE-2014-4345"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2310-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-1016"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-1415"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-1416"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-1418"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2013-6800"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4341"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4342"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4343"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4344"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-4345"}],"affected":[{"package":{"name":"krb5","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/krb5@1.12+dfsg-2ubuntu4.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12+dfsg-2ubuntu4.2"}]}],"versions":["1.10.1+dfsg-6.1ubuntu1","1.11.3+dfsg-3ubuntu2","1.12+dfsg-2ubuntu1","1.12+dfsg-2ubuntu2","1.12+dfsg-2ubuntu3","1.12+dfsg-2ubuntu4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-admin-server"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-gss-samples"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-kdc"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-kdc-ldap"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-locales"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-multidev"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-otp"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-pkinit"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"krb5-user"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libgssapi-krb5-2"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libgssrpc4"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libk5crypto3"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkadm5clnt-mit9"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkadm5srv-mit8"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkadm5srv-mit9"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkdb5-7"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkrad-dev"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkrad0"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkrb5-3"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkrb5-dev"},{"binary_version":"1.12+dfsg-2ubuntu4.2","binary_name":"libkrb5support0"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2310-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-4341"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-4342"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-4343"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-4344"},{"severity":[{"type":"Ubuntu","score":"medium"}],"id":"CVE-2014-4345"}]}}}],"schema_version":"1.7.3"}