PT-2016-3939 · Mit+4 · Mit Kerberos 5+4

Greg Hudson

Published

2016-02-04

Updated

2024-06-15

CVE-2015-8629

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (krb5) versions prior to 1.13.4 MIT Kerberos 5 (krb5) versions 1.14.x prior to 1.14.1

Description The issue allows remote authenticated users to obtain sensitive information or cause a denial of service due to an out-of-bounds read. This is caused by the xdr nullstring function in lib/kadm5/kadm rpc xdr.c in kadmind not verifying whether '0' characters exist as expected, allowing exploitation via a crafted string.

Recommendations For versions prior to 1.13.4, update to version 1.13.4 or later. For versions 1.14.x prior to 1.14.1, update to version 1.14.1 or later.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2016-1392

CESA-2016_0493

CESA-2016_0532

CVE-2015-8629

DLA-423-1

DSA-3466-1

MGASA-2016-0052

OPENSUSE-SU-2024:10004-1

RHSA-2016:0493

RHSA-2016:0532

RHSA-2016_0493

RHSA-2016_0532

SUSE-SU-2016:0429-1

SUSE-SU-2016:0430-1

SUSE-SU-2016_0429-1

SUSE-SU-2016_0430-1

Affected Products

Alt Linux

Centos

Mit Kerberos 5

Red Hat

Suse

PT-2016-3939 · Mit+4 · Mit Kerberos 5+4

CVE-2015-8629

Weakness Enumeration

Related Identifiers

Affected Products

References · 89