Published: 13/02/2016 Updated: 21/01/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x prior to 1.13.4 and 1.14.x prior to 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5 1.14
mit kerberos 5 1.12.5
mit kerberos 5 1.12.4
mit kerberos 5 1.13.1
mit kerberos 5 1.13
mit kerberos 5 1.13.3
mit kerberos 5 1.13.2
mit kerberos 5 1.12.1
mit kerberos 5 1.12
mit kerberos 5 1.12.3
mit kerberos 5 1.12.2

Debian Bug report logs - #813127 krb5: CVE-2015-8630: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Jan 2016 16:42:38 UTC Severity: important T ...

Debian Bug report logs - #813296 krb5: CVE-2015-8629: xdr_nullstring() doesn't check for terminating null character Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 31 Jan 2016 10:21:02 UTC Severity: important Tags: patch ...

Debian Bug report logs - #813126 krb5: CVE-2015-8631: Memory leak caused by supplying a null principal name in request Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Jan 2016 16:42:06 UTC Severity: important Tags: pa ...

An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure (CVE-2015-8629) A NULL ...

A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set An authenticated attacker with permissions to modify the database could use this flaw to add or ...

NVD-CWE-Other http://krbdev.mit.edu/rt/Ticket/Display.html?id=8342 https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://rhn.redhat.com/errata/RHSA-2016-0532.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html http://www.debian.org/security/2016/dsa-3466 http://www.securitytracker.com/id/1034915 http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127 https://alas.aws.amazon.com/ALAS-2016-691.html

CVE-2015-8630

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect