Vulnerability details: VCID-u4rj-gy3s-aaas
Vulnerability ID: VCID-u4rj-gy3s-aaas
Aliases: CVE-2014-9422
Summary: The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial "kadmind" substring, as demonstrated by a "ka/x" principal.
Status: Published
Exploitability: 0.5
Weighted Severity: 6.2
Risk: 3.1
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9422.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0439
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0794
epss 0.00712 https://api.first.org/data/v1/epss?cve=CVE-2014-9422
epss 0.0102 https://api.first.org/data/v1/epss?cve=CVE-2014-9422
epss 0.02149 https://api.first.org/data/v1/epss?cve=CVE-2014-9422
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1179861
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
cvssv2 4.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.1 https://nvd.nist.gov/vuln/detail/CVE-2014-9422
generic_textual Low https://ubuntu.com/security/notices/USN-2498-1
generic_textual Low http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
Reference id Reference type URL
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9422.html
http://rhn.redhat.com/errata/RHSA-2015-0439.html
http://rhn.redhat.com/errata/RHSA-2015-0794.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json
https://api.first.org/data/v1/epss?cve=CVE-2014-9422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/krb5/krb5/commit/6609658db0799053fbef0d7d0aa2f1fd68ef32d8
https://ubuntu.com/security/notices/USN-2498-1
http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt
http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt
http://www.debian.org/security/2015/dsa-3153
http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
http://www.securityfocus.com/bid/72494
http://www.ubuntu.com/usn/USN-2498-1
1179861 https://bugzilla.redhat.com/show_bug.cgi?id=1179861
cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*
cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*
CVE-2014-9422 https://nvd.nist.gov/vuln/detail/CVE-2014-9422
RHSA-2015:0439 https://access.redhat.com/errata/RHSA-2015:0439
RHSA-2015:0794 https://access.redhat.com/errata/RHSA-2015:0794
USN-2498-1 https://usn.ubuntu.com/2498-1/
No exploits are available.
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2014-9422
Exploit Prediction Scoring System (EPSS)
Percentile 0.80886
EPSS Score 0.00712
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.