Red Hat Bugzilla – Bug 1128157
CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001)
Last modified: 2018-10-25 15:24:09 EDT
Upstream released advisory [1] which fixes out-of-bounds write (buffer overflow) Summary from the advisory: ... In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow). This is not a protocol vulnerability. Using LDAP for the KDC database is a non-default configuration for the KDC. ... Further technical details and patches are available on the advisory page as well. External References: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt
krb5-1.11.5-11.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
krb5-1.11.3-25.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
IssueDescription: A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind.
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2014:1255 https://rhn.redhat.com/errata/RHSA-2014-1255.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1389 https://rhn.redhat.com/errata/RHSA-2014-1389.html
Statement: (none)
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0439 https://rhn.redhat.com/errata/RHSA-2015-0439.html