Attack (Attack ID:714915)

Release Date: 2015/04/28

Attack Name: DOS MIT Kerberos 5 recvauth Invalid Memory Access -1 (CVE-2014-5355)

Severity

BUG ID

CVE ID

 

Description

The vulnerability occurs when recvauth_common() calls krb5_read_message() to receive and process a crafted message, causing it to return an invalid string that later causes a NULL pointer dereference or an attempt to read beyond the end of a buffer.
Impact: Denial of service
Affected System: Linux, FreeBSD, Solaris, Other Unix
Additional References: CVE-2014-5355

 

Solution

Apply the vendor's patch.
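
The two failure modes named in the Description (a NULL result and a string with no terminator inside its buffer) correspond to checks a receiver must make before treating a length-prefixed message as a C string. The C code below is an added example, not MIT Kerberos code or the vendor's patch; `msg_buf`, `check_version`, `check_sample` and the `EXPECTED` string are hypothetical names, and it assumes the sender transmits the trailing NUL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed placeholder, not a value taken from the advisory. */
#define EXPECTED "EXAMPLE_PROTO_V1.0"

/* Hypothetical length-prefixed message as returned by a network read
 * routine: data may be NULL when length is 0, and the bytes are not
 * guaranteed to end in a NUL terminator. */
struct msg_buf {
    size_t length;
    const char *data;
};

enum msg_check { MSG_OK, MSG_EMPTY, MSG_UNTERMINATED, MSG_EMBEDDED_NUL, MSG_MISMATCH };

/* Accept buf only if it is exactly `expected` plus its trailing NUL,
 * never reading more than buf->length bytes. */
static enum msg_check check_version(const struct msg_buf *buf, const char *expected)
{
    size_t want = strlen(expected) + 1;   /* assumption: sender includes the NUL */

    if (buf == NULL || buf->data == NULL || buf->length == 0)
        return MSG_EMPTY;                 /* unchecked use would dereference NULL */
    if (buf->data[buf->length - 1] != '\0')
        return MSG_UNTERMINATED;          /* strcmp() would run past the buffer */
    if (memchr(buf->data, '\0', buf->length - 1) != NULL)
        return MSG_EMBEDDED_NUL;          /* string is shorter than the claimed length */
    if (buf->length != want || memcmp(buf->data, expected, want) != 0)
        return MSG_MISMATCH;
    return MSG_OK;
}

/* Convenience wrapper for the constructed samples below. */
static enum msg_check check_sample(const char *bytes, size_t len)
{
    struct msg_buf buf = { len, bytes };
    return check_version(&buf, EXPECTED);
}

int main(void)
{
    printf("well-formed:  %d\n", (int)check_sample(EXPECTED, sizeof(EXPECTED)));
    printf("zero-length:  %d\n", (int)check_sample(NULL, 0));
    printf("unterminated: %d\n", (int)check_sample(EXPECTED, sizeof(EXPECTED) - 1));
    return 0;
}
```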