CVE-2014-4341
20.07.2014, 11:12
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mit | kerberos_5 | 𝑥 < 1.12.2 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 7.3 |
| redhat | enterprise_linux_eus | 7.4 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_eus | 7.3 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.6 |
| redhat | enterprise_linux_server_eus | 7.7 |
| redhat | enterprise_linux_tus | 7.3 |
| redhat | enterprise_linux_tus | 7.6 |
| redhat | enterprise_linux_tus | 7.7 |
| redhat | enterprise_linux_workstation | 7.0 |
| debian | debian_linux | 7.0 |
𝑥 = Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
| openSUSE Product |
|---|
| krb5 |
| krb5-32bit |
| krb5-client |
| krb5-devel |
| krb5-doc |
| krb5-plugin-kdb-ldap |
| krb5-plugin-preauth-otp |
| krb5-plugin-preauth-pkinit |
| krb5-server |
Red Hat Enterprise Linux Releases
| Red Hat Product |
|---|
| krb5-devel |
| krb5-libs |
| krb5-pkinit |
| krb5-pkinit-openssl |
| krb5-server |
| krb5-server-ldap |
| krb5-workstation |
Common Weakness Enumeration
References