fkie_nvd - fkie_cve-2014-9423

FKIE_CVE-2014-9423

Vulnerability from fkie_nvd - Published: 2015-02-19 11:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2015-0439.html
cve@mitre.org	http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt
cve@mitre.org	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2015/dsa-3153
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
cve@mitre.org	http://www.securityfocus.com/bid/72503
cve@mitre.org	http://www.ubuntu.com/usn/USN-2498-1
cve@mitre.org	https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-0439.html
af854a3a-2127-422b-91ae-364da2661108	http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt
af854a3a-2127-422b-91ae-364da2661108	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3153
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:069
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/72503
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2498-1
af854a3a-2127-422b-91ae-364da2661108	https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c

Impacted products

Vendor	Product	Version
mit	kerberos_5	1.11
mit	kerberos_5	1.11.1
mit	kerberos_5	1.11.2
mit	kerberos_5	1.11.3
mit	kerberos_5	1.11.4
mit	kerberos_5	1.11.5
mit	kerberos_5	1.12
mit	kerberos_5	1.12.1
mit	kerberos_5	1.12.2
mit	kerberos_5	1.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D554BDC-CD7D-4572-B1E8-5F627F2C5916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65BCD38A-33AD-4FD7-AF5B-8470B24C4139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11F9209-799A-428B-9513-DBD0F19C7BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA40FAA-B858-4282-8438-247E99FBB002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "65795542-D886-46C4-8ECB-4630078DF66A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A4C436-C3D7-469E-8895-8EEC9569EE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A9FAE9-7219-4D6A-9E94-FFE20223537D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA68BC90-FCFC-4C9B-8574-9029DB2358E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D0A28CB-173D-4676-B083-E3718213B840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mit:kerberos_5:1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "169D00BD-344F-453C-BE7C-9DF0740080BB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n svcauth_gss_accept_sec_context en lib/rpc/svc_auth_gss.c en MIT Kerberos 5 (tambi\u00e9n conocido como krb5) 1.11.x hasta 1.11.5, 1.12.x hasta 1.12.2, y 1.13.x anterior a 1.13.1 trasmite datos intercalados no inicializados a clientes, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria din\u00e1mica de procesos mediante la captura de trafico de la red para datos en un campo de manejo (handle)."
    }
  ],
  "id": "CVE-2014-9423",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-02-19T11:59:07.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2015/dsa-3153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/72503"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-2498-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/72503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2498-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2014-9423 (GCVE-0-2014-9423)

Vulnerability from cvelistv5 – Published: 2015-02-19 11:00 – Updated: 2024-08-06 13:47

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://web.mit.edu/kerberos/advisories/MITKRB5-SA…	x_refsource_CONFIRM
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.debian.org/security/2015/dsa-3153	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2015-0439.html	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8…	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.ubuntu.com/usn/USN-2498-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/bid/72503	vdb-entryx_refsource_BID
	http://web.mit.edu/kerberos/advisories/2015-001-p…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:47:41.334Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2015-2347",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"
          },
          {
            "name": "FEDORA-2015-2382",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"
          },
          {
            "name": "DSA-3153",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3153"
          },
          {
            "name": "openSUSE-SU-2015:0255",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"
          },
          {
            "name": "RHSA-2015:0439",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
          },
          {
            "name": "SUSE-SU-2015:0290",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c"
          },
          {
            "name": "MDVSA-2015:069",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"
          },
          {
            "name": "USN-2498-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2498-1"
          },
          {
            "name": "SUSE-SU-2015:0257",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"
          },
          {
            "name": "72503",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72503"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-02-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2015-2347",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"
        },
        {
          "name": "FEDORA-2015-2382",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"
        },
        {
          "name": "DSA-3153",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3153"
        },
        {
          "name": "openSUSE-SU-2015:0255",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"
        },
        {
          "name": "RHSA-2015:0439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
        },
        {
          "name": "SUSE-SU-2015:0290",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c"
        },
        {
          "name": "MDVSA-2015:069",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"
        },
        {
          "name": "USN-2498-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2498-1"
        },
        {
          "name": "SUSE-SU-2015:0257",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"
        },
        {
          "name": "72503",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72503"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9423",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2015-2347",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151437.html"
            },
            {
              "name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt",
              "refsource": "CONFIRM",
              "url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"
            },
            {
              "name": "FEDORA-2015-2382",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html"
            },
            {
              "name": "DSA-3153",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3153"
            },
            {
              "name": "openSUSE-SU-2015:0255",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html"
            },
            {
              "name": "RHSA-2015:0439",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0439.html"
            },
            {
              "name": "SUSE-SU-2015:0290",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html"
            },
            {
              "name": "https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c",
              "refsource": "CONFIRM",
              "url": "https://github.com/krb5/krb5/commit/5bb8a6b9c9eb8dd22bc9526751610aaa255ead9c"
            },
            {
              "name": "MDVSA-2015:069",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:069"
            },
            {
              "name": "USN-2498-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2498-1"
            },
            {
              "name": "SUSE-SU-2015:0257",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00011.html"
            },
            {
              "name": "72503",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/72503"
            },
            {
              "name": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt",
              "refsource": "CONFIRM",
              "url": "http://web.mit.edu/kerberos/advisories/2015-001-patch-r113.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9423",
    "datePublished": "2015-02-19T11:00:00",
    "dateReserved": "2014-12-26T00:00:00",
    "dateUpdated": "2024-08-06T13:47:41.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2014-9423

CVE-2014-9423 (GCVE-0-2014-9423)

Tags

Sightings

Nomenclature