ID CVE-2015-8629
Summary The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
References
Vulnerable Configurations
  • MIT Kerberos 5-1.14 Alpha 1
    cpe:2.3:a:mit:kerberos:5-1.14:alpha1
  • MIT Kerberos 5-1.14 Beta 1
    cpe:2.3:a:mit:kerberos:5-1.14:beta1
  • MIT Kerberos 5 1.14 Beta2
    cpe:2.3:a:mit:kerberos:5-1.14:beta2
  • cpe:2.3:a:mit:kerberos:5-1.14
    cpe:2.3:a:mit:kerberos:5-1.14
  • MIT Kerberos 5 1.13.3
    cpe:2.3:a:mit:kerberos:5-1.13.3
CVSS
Base: 2.1 (as of 17-02-2016 - 11:28)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK HIGH SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0493.NASL
    description From Red Hat Security Advisory 2016:0493 : Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 90112
    published 2016-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90112
    title Oracle Linux 6 : krb5 (ELSA-2016-0493)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-691.NASL
    description An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 90633
    published 2016-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90633
    title Amazon Linux AMI : krb5 (ALAS-2016-691)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2016-0039.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2015-8629, CVE-2015-8631) - Also fix a spec trigger issue that prevents building - Resolves: #1306973
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 90138
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90138
    title OracleVM 3.3 / 3.4 : krb5 (OVMSA-2016-0039)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160323_KRB5_ON_SL6_X.NASL
    description A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 90145
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90145
    title Scientific Linux Security Update : krb5 on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0429-1.NASL
    description This update for krb5 fixes the following issues : - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88707
    published 2016-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88707
    title SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2016:0429-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0493.NASL
    description Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90122
    published 2016-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90122
    title CentOS 6 : krb5 (CESA-2016:0493)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-181.NASL
    description This update for krb5 fixes the following issues : - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88687
    published 2016-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88687
    title openSUSE Security Update : krb5 (openSUSE-2016-181)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-0532.NASL
    description From Red Hat Security Advisory 2016:0532 : An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) * An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) * A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 90295
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90295
    title Oracle Linux 7 : krb5 (ELSA-2016-0532)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0430-1.NASL
    description This update for krb5 fixes the following issues : - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88708
    published 2016-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88708
    title SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2016:0430-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0493.NASL
    description Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90116
    published 2016-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90116
    title RHEL 6 : krb5 (RHSA-2016:0493)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-0532.NASL
    description An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) * An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) * A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90299
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90299
    title RHEL 7 : krb5 (RHSA-2016:0532)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-0532.NASL
    description An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) * An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) * A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 90275
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90275
    title CentOS 7 : krb5 (CESA-2016:0532)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-230.NASL
    description This update for krb5 fixes the following issues : - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 88854
    published 2016-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88854
    title openSUSE Security Update : krb5 (openSUSE-2016-230)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1012.NASL
    description According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion.(CVE-2015-8631) - An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) - A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99775
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99775
    title EulerOS 2.0 SP1 : krb5 (EulerOS-SA-2016-1012)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-423.NASL
    description CVE-2015-8629 It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database. CVE-2015-8631 It was discovered that an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 88886
    published 2016-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88886
    title Debian DLA-423-1 : krb5 security update
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20160404_KRB5_ON_SL7_X.NASL
    description Security Fix(es) : - A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) - An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) - A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 90344
    published 2016-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90344
    title Scientific Linux Security Update : krb5 on SL7.x x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3466.NASL
    description Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-8629 It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database. - CVE-2015-8630 It was discovered that an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask. - CVE-2015-8631 It was discovered that an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 88581
    published 2016-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88581
    title Debian DSA-3466-1 : krb5 - security update
redhat via4
advisories
  • rhsa
    id RHSA-2016:0493
  • rhsa
    id RHSA-2016:0532
rpms
  • krb5-devel-0:1.10.3-42z1.el6_7
  • krb5-libs-0:1.10.3-42z1.el6_7
  • krb5-pkinit-openssl-0:1.10.3-42z1.el6_7
  • krb5-server-0:1.10.3-42z1.el6_7
  • krb5-server-ldap-0:1.10.3-42z1.el6_7
  • krb5-workstation-0:1.10.3-42z1.el6_7
  • krb5-devel-0:1.13.2-12.el7_2
  • krb5-libs-0:1.13.2-12.el7_2
  • krb5-pkinit-0:1.13.2-12.el7_2
  • krb5-server-0:1.13.2-12.el7_2
  • krb5-server-ldap-0:1.13.2-12.el7_2
  • krb5-workstation-0:1.13.2-12.el7_2
refmap via4
bid 82801
confirm
debian DSA-3466
sectrack 1034914
suse
  • openSUSE-SU-2016:0406
  • openSUSE-SU-2016:0501
Last major update 05-12-2016 - 22:04
Published 12-02-2016 - 21:59
Back to Top