Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/krb...
CONFIRM: http://advisories.mage...
CONFIRM: https://bugs.debian.or...
MANDRIVA: MDVSA-2015:009
BID: 71679
REDHAT: RHSA-2015:0439
UBUNTU: USN-2498-1
SUSE: openSUSE-SU-2015:0542
REDHAT: RHSA-2015:0794
FEDORA: FEDORA-2015-5949
CONFIRM: http://www.oracle.com/...
SECTRACK: 1031376
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2014-5353

Related bugs

References