PT-2016-3941 · Mit+4 · Mit Kerberos 5+4

Simo Sorce

Published

2016-02-04

Updated

2024-06-15

CVE-2015-8631

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions MIT Kerberos 5 (aka krb5) versions prior to 1.13.4 MIT Kerberos 5 (aka krb5) versions 1.14.x prior to 1.14.1

Description The issue is related to multiple memory leaks in the kadmin/server/server stubs.c file in kadmind, which can be exploited by remote authenticated users to cause a denial of service through memory consumption. This can be achieved by sending a request with a NULL principal name.

Recommendations For versions prior to 1.13.4, update to version 1.13.4 or later. For versions 1.14.x prior to 1.14.1, update to version 1.14.1 or later.

Fix

DoS

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772

Related Identifiers

ALT-PU-2016-1392

CESA-2016_0493

CESA-2016_0532

CVE-2015-8631

DLA-423-1

DSA-3466-1

MGASA-2016-0052

OPENSUSE-SU-2024:10004-1

RHSA-2016:0493

RHSA-2016:0532

RHSA-2016_0493

RHSA-2016_0532

SUSE-SU-2016:0429-1

SUSE-SU-2016:0430-1

Affected Products

Alt Linux

Centos

Mit Kerberos 5

Red Hat

Suse

PT-2016-3941 · Mit+4 · Mit Kerberos 5+4

CVE-2015-8631

Weakness Enumeration

Related Identifiers

Affected Products

References · 87