Advisories » MGASA-2014-0536

Updated krb5 packages fix CVE-2014-5353

Publication date: 19 Dec 2014
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-5353


Updated krb5 packages fix a security vulnerability:

In MIT krb5, when kadmind is configured to use LDAP for the KDC
database, an authenticated remote attacker can cause a NULL dereference
by attempting to use a named ticket policy object as a password policy
for a principal.  The attacker needs to be authenticated as a user who
has the elevated privilege for setting password policy by adding or
modifying principals (CVE-2014-5353).
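
The following exposure check is an added example, not part of the advisory or of MIT krb5. It tests a host for the two preconditions described above: an LDAP-backed KDC database and ACL entries that allow adding or modifying principals. It assumes the standard MIT krb5 file formats (`db_library = kldap` under `[dbmodules]` in kdc.conf, and permission letters in kadm5.acl); the function names and sample file contents are constructed for illustration.

```python
# Constructed sample inputs, not from a real deployment.
KDC_CONF = """\
[realms]
    EXAMPLE.TEST = {
        database_module = ldapconf
    }
[dbmodules]
    ldapconf = {
        db_library = kldap
    }
    localdb = {
        db_library = db2
    }
"""
KADM5_ACL = """\
# principal            permissions
*/admin@EXAMPLE.TEST   *
helpdesk@EXAMPLE.TEST  cil
provision@EXAMPLE.TEST ai
audit@EXAMPLE.TEST     lAM
"""

def ldap_dbmodules(kdc_conf):
    """Names of [dbmodules] subsections that load the LDAP backend (kldap)."""
    hits, section, module = [], None, None
    for raw in kdc_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("["):               # new top-level section
            section, module = line.strip("[]").strip(), None
        elif line.startswith("}"):             # end of a subsection
            module = None
        elif "=" in line and section == "dbmodules":
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                module = key                   # subsection opens here
            elif module and key == "db_library" and value == "kldap":
                hits.append(module)
    return hits

def principal_writers(acl_text):
    """ACL entries granting add (a) or modify (m); x and * grant everything."""
    out = []
    for raw in acl_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Uppercase letters (A, M) are explicit denials and do not match.
        if len(fields) >= 2 and set(fields[1]) & set("amx*"):
            out.append(fields[0])
    return out

def preconditions_met(kdc_conf, acl_text):
    """True when both conditions named in the advisory are present."""
    return bool(ldap_dbmodules(kdc_conf)) and bool(principal_writers(acl_text))
```

The principals returned by `principal_writers` are the accounts whose compromise or misuse would matter on an unpatched LDAP-backed kadmind, so they are the ones to review while the update is rolled out.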