CVE-2014-5351
First published: Tue Sep 23 2014(Updated: )
It was reported that if a privileged user randomized the keys for a service principal, the old key would be returned to them. This could lead to ticket forgery attacks on the service in question. This issue has been fixed in upstream version 1.13. Red Hat Enterprise Linux 6 and 7 are affected. Full details from the upstream report: "" An authenticated remote attacker can retrieve the current keys for a service principal when generating a new set of keys for that principal. The attacker needs to be authenticated as a user who has the elevated privilege for randomizing the keys of other principals. Normally, when a Kerberos administrator randomizes the keys of a service principal, kadmind returns only the new keys. This prevents an administrator who lacks legitimate privileged access to a service from forging tickets to authenticate to that service. If the "keepold" flag to the kadmin randkey RPC operation is true, kadmind retains the old keys in the KDC database as intended, but also unexpectedly returns the old keys to the client, which exposes the service to ticket forgery attacks from the administrator. A mitigating factor is that legitimate clients of the affected service will start failing to authenticate to the service once they begin to receive service tickets encrypted in the new keys. The affected service will be unable to decrypt the newly issued tickets, possibly alerting the legitimate administrator of the affected service. "" Upstream patch: <a href="https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca">https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca</a> References: <a href="http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018">http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MIT Kerberos 5 | =1.12.2 | |
| redhat/krb5 | <1.13 | 1.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2014-0477.html
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:224
- http://www.securityfocus.com/bid/70380
- http://www.securitytracker.com/id/1031003
- http://www.ubuntu.com/usn/USN-2498-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1145425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97028
- https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
- https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1145426
- https://access.redhat.com/security/updates/classification/
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-5351
- agent/software-canonical-lookup
- agent/tags
- agent/trending
- vendor/mit
- canonical/mit kerberos 5
- version/mit kerberos 5/1.12.2
- package-manager/redhat