MGASA-2014-0536

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2014-5353
Published: 19 Dec 2014, 15:06
Last modified:16 Apr 2026, 06:23

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

19 Dec 2014, 15:06
Published
Vulnerability first disclosed
16 Apr 2026, 06:23
Last Modified
Vulnerability information updated

Description

Updated krb5 packages fix CVE-2014-5353 Updated krb5 packages fix security vulnerability: In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause a NULL dereference by attempting to use a named ticket policy object as a password policy for a principal. The attacker needs to be authenticated as a user who has the elevated privilege for setting password policy by adding or modifying principals (CVE-2014-5353).

Affected Systems

  • mageiakrb5

    < 1.11.4-1.3.mga4

References (3)