MIT krb5 Denial of Service Vulnerability (CVE-2014-5355)
Release date:
Updated on:
Affected Systems:
MIT Kerberos 5 <= 1.13.1
Description:
CVE (CAN) ID: CVE-2014-5355
Kerberos is a widely used network authentication protocol that uses strong encryption to verify the identity of clients and servers.
MIT Kerberos 5 1.13.1 and earlier versions incorrectly assume that a krb5_read_message data field is a string ending with the '\0' character. This allows remote attackers to cause a denial of service either by sending a zero-byte version string or by omitting the '\0' character.
Source: Tim Uglow
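The two malformed inputs described above (a zero-byte field and a field with no trailing '\0'), handled with length-aware checks in C. This is an added example, not code from krb5 or from the vendor patch; `struct msg_field`, the function names and the `EXAMPLE_V1.0` version string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length-prefixed field read from a peer: data may be NULL
 * when length is 0, and the bytes need not end in '\0'. */
struct msg_field {
    size_t length;
    const char *data;
};

/* Unsafe pattern: assumes a C string. Dereferences NULL on a zero-byte
 * field and reads past the buffer when the terminator is missing. */
int version_matches_unsafe(const struct msg_field *f, const char *expected)
{
    return strcmp(f->data, expected) == 0;
}

/* Hardened comparison: the field must be exactly the expected string
 * plus its terminator, compared by length rather than by scanning. */
int field_eq_string(const struct msg_field *f, const char *expected)
{
    size_t n = strlen(expected) + 1;
    if (f->data == NULL || f->length != n)
        return 0;
    return memcmp(f->data, expected, n) == 0;
}

/* Gate for fields passed to string APIs: non-empty, terminated, no embedded '\0'. */
int field_is_cstring(const struct msg_field *f)
{
    if (f->data == NULL || f->length == 0)
        return 0;
    if (f->data[f->length - 1] != '\0')
        return 0;
    return memchr(f->data, '\0', f->length - 1) == NULL;
}

int main(void)
{
    /* Constructed inputs: well-formed, zero-byte, and unterminated. */
    static const char ok[] = "EXAMPLE_V1.0";
    static const char raw[12] = {'E','X','A','M','P','L','E','_','V','1','.','0'};
    struct msg_field cases[] = { { sizeof ok, ok }, { 0, NULL }, { sizeof raw, raw } };
    for (size_t i = 0; i < 3; i++)
        printf("case %zu: eq=%d cstring=%d\n", i,
               field_eq_string(&cases[i], "EXAMPLE_V1.0"), field_is_cstring(&cases[i]));
    return 0;
}
```

Only the well-formed field passes both checks; the zero-byte and unterminated fields are rejected before any string function touches them.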
Suggestion:
Vendor patch:
MIT
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec