Published: 09/11/2015 Updated: 02/02/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) prior to 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5
oracle solaris 11.3
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
canonical ubuntu linux 15.04
canonical ubuntu linux 15.10
debian debian linux 7.0
debian debian linux 8.0
debian debian linux 9.0
opensuse leap 42.1
opensuse opensuse 13.1
opensuse opensuse 13.2
suse linux enterprise desktop 12
suse linux enterprise server 12
suse linux enterprise software development kit 12

Several security issues were fixed in Kerberos ...

Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-2695 It was discovered that applications which call gss_inquire_context() on a partially-established SPNEGO context can cause the GSS-API library to read from ...

Debian Bug report logs - #803083 CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon) Reported by: Benjamin Kaduk <kaduk@MITEDU> Date: Mon, 26 Oct 2015 ...

Debian Bug report logs - #803088 CVE-2015-2697 in libkrb5-3: invalid string processing Package: libkrb5-3; Maintainer for libkrb5-3 is Sam Hartman <hartmans@debianorg>; Source for libkrb5-3 is src:krb5 (PTS, buildd, popcon) Reported by: Benjamin Kaduk <kaduk@MITEDU> Date: Mon, 26 Oct 2015 18:42:01 UTC Severity: no ...

Debian Bug report logs - #803084 CVE-2015-2696 in libgssapi-krb5-2, IAKERB context aliasing Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debianorg>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon) Reported by: Benjamin Kaduk <kaduk@MITEDU> Date: Mon, 26 Oct 2015 ...

An out-of-bounds flaw was discovered in MIT Kerberos; the build_principal_va() function did not properly duplicate the realm An authenticated remote attacker could possibly exploit this flaw by sending a TGS request containing a specially crafted realm field and crashing the KDC (denial of service) ...

CWE-125 https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789 http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/77581 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html http://www.ubuntu.com/usn/USN-2810-1 http://www.debian.org/security/2015/dsa-3395 http://www.securitytracker.com/id/1034084 https://security.gentoo.org/glsa/201611-14 https://usn.ubuntu.com/2810-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-2697

CVE-2015-2697

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect