Debian: DSA-3466-1 Urgent: Memory Leak Vulnerability in Krb5 Detected
debian
February 4, 2016
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos
Topics Covered
Summary
CVE-2015-8629
It was discovered that an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.
CVE-2015-8630
It was discovered that an authenticated attacker with permission to
modify a principal entry can cause kadmind to dereference a null
pointer by supplying a null policy value but including KADM5_POLICY
in the mask.
CVE-2015-8631
It was discovered that an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which
uses one. Repeating these requests will eventually cause kadmind to
exhaust all available memory.
For the oldstable distribution (wheezy), these problems have been fixed
in version 1.10.1+dfsg-5+deb7u7. The oldstable distribution (wheezy) is
not affected by CVE-2015-8630.
For the stable distribution (jessie), these pro...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: krb5
CVE ID: CVE-2015-8629 CVE-2015-8630 CVE-2015-8631
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!