Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
2.1
CVSSv2

CVE-2015-8629

Published: 13/02/2016 Updated: 02/02/2021
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.3 | Impact Score: 3.6 | Exploitability Score: 1.6
VMScore: 188
Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N
Subscribe to Kerberos 5

Vulnerability Summary

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) prior to 1.13.4 and 1.14.x prior to 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

mit kerberos 5

oracle linux 6

oracle linux 7

oracle solaris 10

oracle solaris 11.3

debian debian linux 7.0

debian debian linux 8.0

opensuse leap 42.1

opensuse opensuse 13.2

redhat enterprise linux desktop 6.0

redhat enterprise linux desktop 7.0

redhat enterprise linux eus 6.7

redhat enterprise linux eus 7.2

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux eus 7.6

redhat enterprise linux eus 7.7

redhat enterprise linux server 6.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server aus 7.6

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.2

redhat enterprise linux server tus 7.3

redhat enterprise linux server tus 7.6

redhat enterprise linux server tus 7.7

redhat enterprise linux workstation 6.0

redhat enterprise linux workstation 7.0

Vendor Advisories

Debian CVElist Bug Report Logs: krb5: CVE-2015-8630: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
Debian Bug report logs - #813127 krb5: CVE-2015-8630: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Jan 2016 16:42:38 UTC Severity: important T ...
Debian CVElist Bug Report Logs: krb5: CVE-2015-8629: xdr_nullstring() doesn't check for terminating null character
Debian Bug report logs - #813296 krb5: CVE-2015-8629: xdr_nullstring() doesn't check for terminating null character Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 31 Jan 2016 10:21:02 UTC Severity: important Tags: patch ...
Debian CVElist Bug Report Logs: krb5: CVE-2015-8631: Memory leak caused by supplying a null principal name in request
Debian Bug report logs - #813126 krb5: CVE-2015-8631: Memory leak caused by supplying a null principal name in request Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Jan 2016 16:42:06 UTC Severity: important Tags: pa ...
Amazon Linux AMI: ALAS-2016-691
An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure (CVE-2015-8629) A NULL ...
Red Hat: CVE-2015-8629
An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure ...

References

CWE-125https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bbhttp://krbdev.mit.edu/rt/Ticket/Display.html?id=8341http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.securityfocus.com/bid/82801http://rhn.redhat.com/errata/RHSA-2016-0532.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0493.htmlhttp://www.securitytracker.com/id/1034914http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.htmlhttp://www.debian.org/security/2016/dsa-3466http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127https://alas.aws.amazon.com/ALAS-2016-691.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook