CVE-2014-5353 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.5 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:S/C:N/I:N/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Vendor	Product	Version
mit	kerberos_5	𝑥 < 1.13.1
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	6.6
redhat	enterprise_linux_eus	7.3
redhat	enterprise_linux_eus	7.4
redhat	enterprise_linux_eus	7.5
redhat	enterprise_linux_eus	7.6
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	6.6
redhat	enterprise_linux_server_aus	7.3
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_server_aus	7.7
redhat	enterprise_linux_server_tus	6.6
redhat	enterprise_linux_server_tus	7.3
redhat	enterprise_linux_server_tus	7.6
redhat	enterprise_linux_server_tus	7.7
redhat	enterprise_linux_workstation	6.0
debian	debian_linux	7.0
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10
oracle	solaris	11.2
opensuse	opensuse	13.1
opensuse	opensuse	13.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

krb5

bullseye (security)	1.18.3-6+deb11u5 fixed
bullseye	1.18.3-6+deb11u5 fixed
squeeze	no-dsa
bookworm	1.20.1-2+deb12u2 fixed
bookworm (security)	1.20.1-2+deb12u2 fixed
sid	1.21.3-3 fixed
trixie	1.21.3-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

krb5

utopic	Fixed 1.12.1+dfsg-10ubuntu0.1 released
trusty	Fixed 1.12+dfsg-2ubuntu5.1 released
precise	Fixed 1.10+dfsg~beta1-2ubuntu0.6 released
lucid	Fixed 1.8.1+dfsg-2ubuntu0.14 released

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

http://advisories.mageia.org/MGASA-2014-0536.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html

http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html

http://rhn.redhat.com/errata/RHSA-2015-0439.html

http://rhn.redhat.com/errata/RHSA-2015-0794.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:009

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.securityfocus.com/bid/71679

http://www.securitytracker.com/id/1031376

http://www.ubuntu.com/usn/USN-2498-1

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226

https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3

https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html

http://advisories.mageia.org/MGASA-2014-0536.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html

http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html

http://rhn.redhat.com/errata/RHSA-2015-0439.html

http://rhn.redhat.com/errata/RHSA-2015-0794.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:009

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.securityfocus.com/bid/71679

http://www.securitytracker.com/id/1031376

http://www.ubuntu.com/usn/USN-2498-1

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226

https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3

https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html