Wind River Support Network

HomeDefectsLIN6-9497
Fixed

LIN6-9497 : Security Advisory - krb5 - CVE-2014-9423

Created: Feb 25, 2015    Updated: Dec 3, 2018
Resolved Date: Jun 3, 2015
Found In Version: 6.0
Fix Version: 6.0.0.21
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9423

Other Downloads


Live chat
Online