CVE-2015-2695

Published: 09/11/2015 Updated: 02/02/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) prior to 1.14 relies on an inappropriate context handle, which allows remote malicious users to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

Vulnerable Product

mit kerberos 5

oracle solaris 11.3

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

canonical ubuntu linux 15.10

debian debian linux 7.0

debian debian linux 8.0

debian debian linux 9.0

opensuse leap 42.1

opensuse opensuse 13.1

opensuse opensuse 13.2

suse linux enterprise desktop 11

suse linux enterprise desktop 12

suse linux enterprise server 11

suse linux enterprise server 12

suse linux enterprise software development kit 11

suse linux enterprise software development kit 12

Vendor Advisories

Several security issues were fixed in Kerberos ...
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2695: It was discovered that applications which call gss_inquire_context() on a partially-established SPNEGO context can cause the GSS-API library to read from ...
Debian Bug report logs - #803083: CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing. Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5. Reported by: Benjamin Kaduk <kaduk@MIT.EDU>. Date: Mon, 26 Oct 2015 ...
Debian Bug report logs - #803088: CVE-2015-2697 in libkrb5-3: invalid string processing. Package: libkrb5-3; Maintainer for libkrb5-3 is Sam Hartman <hartmans@debian.org>; Source for libkrb5-3 is src:krb5. Reported by: Benjamin Kaduk <kaduk@MIT.EDU>. Date: Mon, 26 Oct 2015 18:42:01 UTC. Severity: no ...
Debian Bug report logs - #803084: CVE-2015-2696 in libgssapi-krb5-2, IAKERB context aliasing. Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5. Reported by: Benjamin Kaduk <kaduk@MIT.EDU>. Date: Mon, 26 Oct 2015 ...