Computer Security
[EN] securityvulns.ru no-pyccku


MIT krb5 privilege escalation
Published:24.11.2014
Source:
SecurityVulns ID:14094
Type:local
Threat Level:
5/10
Description:Under some conditions, kadm5_randkey_principal_3() returns old keys.
Affected:MIT : krb5 1.12
CVE:CVE-2014-5351 (The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.)
Original documentdocumentMANDRIVA, [ MDVSA-2014:224 ] krb5 (24.11.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod