MGASA-2014-0477

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2014-5351

Published: 21 Nov 2014, 12:44

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Nov 2014, 12:44

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated krb5 packages fix security vulnerability The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access (CVE-2014-5351).

Affected Systems

mageia•krb5
< 1.11.1-1.5.mga3
mageia•krb5
< 1.11.4-1.2.mga4

References (3)

https://advisories.mageia.org/MGASA-2014-0477.html
https://bugs.mageia.org/show_bug.cgi?id=14581
https://bugzilla.redhat.com/show_bug.cgi?id=1145425