CVE-2015-2698

Published: 13/11/2015 Updated: 21/01/2020
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.

Vulnerable Product

mit kerberos 5 1.14

Vendor Advisories

Several security issues were fixed in Kerberos ...
Debian Bug report logs - #803083 CVE-2015-2695 in libgssapi-krb5-2, SPNEGO context aliasing Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon) Reported by: Benjamin Kaduk <kaduk@MIT.EDU> Date: Mon, 26 Oct 2015 ...
Debian Bug report logs - #803088 CVE-2015-2697 in libkrb5-3: invalid string processing Package: libkrb5-3; Maintainer for libkrb5-3 is Sam Hartman <hartmans@debian.org>; Source for libkrb5-3 is src:krb5 (PTS, buildd, popcon) Reported by: Benjamin Kaduk <kaduk@MIT.EDU> Date: Mon, 26 Oct 2015 18:42:01 UTC Severity: no ...
Debian Bug report logs - #803084 CVE-2015-2696 in libgssapi-krb5-2, IAKERB context aliasing Package: libgssapi-krb5-2; Maintainer for libgssapi-krb5-2 is Sam Hartman <hartmans@debian.org>; Source for libgssapi-krb5-2 is src:krb5 (PTS, buildd, popcon) Reported by: Benjamin Kaduk <kaduk@MIT.EDU> Date: Mon, 26 Oct 2015 ...
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gs ...