PT-2016-3939 · Mit+4 · Mit Kerberos 5+4

Greg Hudson

Publicado

2016-02-04

Atualizado

2024-06-15

CVE-2015-8629

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (krb5) versions prior to 1.13.4 MIT Kerberos 5 (krb5) versions 1.14.x prior to 1.14.1

Description The issue allows remote authenticated users to obtain sensitive information or cause a denial of service due to an out-of-bounds read. This is caused by the xdr nullstring function in lib/kadm5/kadm rpc xdr.c in kadmind not verifying whether '0' characters exist as expected, allowing exploitation via a crafted string.

Recommendations For versions prior to 1.13.4, update to version 1.13.4 or later. For versions 1.14.x prior to 1.14.1, update to version 1.14.1 or later.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2016-1392

CESA-2016_0493

CESA-2016_0532

CVE-2015-8629

DLA-423-1

DSA-3466-1

MGASA-2016-0052

OPENSUSE-SU-2024:10004-1

RHSA-2016:0493

RHSA-2016:0532

RHSA-2016_0493

RHSA-2016_0532

SUSE-SU-2016:0429-1

SUSE-SU-2016:0430-1

SUSE-SU-2016_0429-1

SUSE-SU-2016_0430-1

Produtos afetados

Alt Linux

Centos

Mit Kerberos 5

Red Hat

Suse

PT-2016-3939 · Mit+4 · Mit Kerberos 5+4

CVE-2015-8629

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 89