Published: 13/02/2016 Updated: 02/02/2021

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) prior to 1.13.4 and 1.14.x prior to 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mit kerberos 5
opensuse leap 42.1
opensuse opensuse 13.2
debian debian linux 7.0
debian debian linux 8.0
redhat enterprise linux desktop 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux eus 6.7
redhat enterprise linux eus 7.2
redhat enterprise linux eus 7.3
redhat enterprise linux eus 7.4
redhat enterprise linux eus 7.5
redhat enterprise linux eus 7.6
redhat enterprise linux eus 7.7
redhat enterprise linux server 6.0
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.2
redhat enterprise linux server aus 7.3
redhat enterprise linux server aus 7.4
redhat enterprise linux server aus 7.6
redhat enterprise linux server aus 7.7
redhat enterprise linux server tus 7.2
redhat enterprise linux server tus 7.3
redhat enterprise linux server tus 7.6
redhat enterprise linux server tus 7.7
redhat enterprise linux workstation 6.0
redhat enterprise linux workstation 7.0
oracle linux 6
oracle linux 7

Debian Bug report logs - #813127 krb5: CVE-2015-8630: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Jan 2016 16:42:38 UTC Severity: important T ...

Debian Bug report logs - #813296 krb5: CVE-2015-8629: xdr_nullstring() doesn't check for terminating null character Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 31 Jan 2016 10:21:02 UTC Severity: important Tags: patch ...

Debian Bug report logs - #813126 krb5: CVE-2015-8631: Memory leak caused by supplying a null principal name in request Package: src:krb5; Maintainer for src:krb5 is Sam Hartman <hartmans@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 29 Jan 2016 16:42:06 UTC Severity: important Tags: pa ...

An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure (CVE-2015-8629) A NULL ...

A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion ...

CWE-772 http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343 https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://rhn.redhat.com/errata/RHSA-2016-0532.html http://rhn.redhat.com/errata/RHSA-2016-0493.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html http://www.debian.org/security/2016/dsa-3466 http://www.securitytracker.com/id/1034916 http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127 https://alas.aws.amazon.com/ALAS-2016-691.html

CVE-2015-8631

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect