PT-2016-3941 · Mit+4 · Mit Kerberos 5+4

Simo Sorce

Publicado

2016-02-04

Atualizado

2024-06-15

CVE-2015-8631

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (aka krb5) versions prior to 1.13.4 MIT Kerberos 5 (aka krb5) versions 1.14.x prior to 1.14.1

Description The issue is related to multiple memory leaks in the kadmin/server/server stubs.c file in kadmind, which can be exploited by remote authenticated users to cause a denial of service through memory consumption. This can be achieved by sending a request with a NULL principal name.

Recommendations For versions prior to 1.13.4, update to version 1.13.4 or later. For versions 1.14.x prior to 1.14.1, update to version 1.14.1 or later.

Correção

DoS

Missing Release of Resource after Effective Lifetime

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-772

Identificadores relacionados

ALT-PU-2016-1392

CESA-2016_0493

CESA-2016_0532

CVE-2015-8631

DLA-423-1

DSA-3466-1

MGASA-2016-0052

OPENSUSE-SU-2024:10004-1

RHSA-2016:0493

RHSA-2016:0532

RHSA-2016_0493

RHSA-2016_0532

SUSE-SU-2016:0429-1

SUSE-SU-2016:0430-1

Produtos afetados

Alt Linux

Centos

Mit Kerberos 5

Red Hat

Suse

PT-2016-3941 · Mit+4 · Mit Kerberos 5+4

CVE-2015-8631

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 87