Guest

Preview Tool

Cisco Bug: CSCur27692 - CUCM: Various Kerberos Vulnerabilities

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(1.98000.254)

Description (partial)

Symptoms:
Cisco Cisco Unified Communications Manager (CallManager) includes a version of MIT Kerberos that is affected
by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:

CVE-2013-1418: The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos
5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of
service (NULL pointer dereference and daemon crash) via a crafted request. This has been classified by the
vendor as having a CVSSv2 score of 4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P)

CVE-2013-6800: An unspecified third-party database module for the Key Distribution Center (KDC) in MIT
Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer
dereference and daemon crash) via a crafted request, a different vulnerability than CVE-2013-1418. This has
been classified by the vendor as having a CVSSv2 score of 4.0 (AV:N/AC:L/AU:S/C:N/I:N/A:P)

CVE-2014-4341: MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service
(buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. This
has been classified by the vendor as having a CVSSv2 score of 5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2014-4342: MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a
denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid
tokens into a GSSAPI application session. This has been classified by the vendor as having a CVSSv2 score of
5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)

CVE-2014-4343: Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote
attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network
traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the
one proposed by the initiator.  This has been classified by the vendor as having a CVSSv2 score of 7.6
(AV:N/AC:H/AU:N/C:C/I:C/A:C)

CVE-2014-4344: The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT
Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via an empty continuation token at a certain point during a
SPNEGO negotiation.  This has been classified by the vendor as having a CVSSv2 score of 7.8
(AV:N/AC:L/AU:N/C:N/I:N/A:C)

CVE-2014-4345: Off-by-one error in the krb5_encode_krbsecretkey function in
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5)
1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a
denial of service (buffer overflow) or possibly execute arbitrary code via a series of ''cpw -keepold''
commands. This has been classified by the vendor as having a CVSSv2 score of 8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C)

This bug was opened to address the potential impact on this product.

Conditions:
Running version of the software prior to the Known Fixed Releases
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.