DSA-3395-1 krb5 -- krb5
ID: oval:org.secpod.oval:def:602271 | Date: (C) 2015-11-17 (M) 2023-12-07 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-2695: It was discovered that applications which call gss_inquire_context on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type (a type confusion), leading to a process crash. This affects any GSS-API application that inspects a context before security-context establishment has completed, not only the KDC.

CVE-2015-2696: It was discovered that applications which call gss_inquire_context on a partially-established IAKERB context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash, in the same way as the SPNEGO case above.

CVE-2015-2697: It was discovered that the build_principal_va function incorrectly handles input strings. An authenticated attacker can take advantage of this flaw to cause a KDC to crash using a TGS request with a large realm field beginning with a null byte. Because a valid TGT is required to send a TGS request, this is a denial of service available to any authenticated principal in the realm.
Platform: |
Debian 8.x |
Debian 7.x |
Product: |
krb5-kdc |
krb5-kdc-ldap |
krb5-admin-server |
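This definition is a PATCH-class check: it asks whether the packages listed above are at or past the version that carries the fix for the Debian release in use. The following is an added example of how such a check can be reproduced locally; it is not SecPod's OVAL content and not Debian's or MIT's code. It implements the dpkg version-ordering rules (epoch, upstream version, Debian revision, with `~` sorting before everything) in Python so that it runs without dpkg, and evaluates the three products against the fixed version. The fixed version strings in `FIXED_VERSIONS` are assumptions entered as placeholders; take the authoritative values from the DSA-3395-1 advisory before relying on the result. The `dpkg-query` output is constructed sample data, not from a real host.

```python
"""Added example: evaluate whether the krb5 packages named in DSA-3395-1 are at a
patched version, the way an OVAL PATCH-class definition would. Not SecPod's or
Debian's code; the fixed versions below are assumed placeholders."""

# Assumed fixed versions for DSA-3395-1 (verify against the Debian advisory).
FIXED_VERSIONS = {
    "7": "1.10.1+dfsg-5+deb7u6",   # assumed: Debian 7.x
    "8": "1.12.1+dfsg-19+deb8u1",  # assumed: Debian 8.x
}

# Products listed in the definition.
AFFECTED_PACKAGES = ("krb5-kdc", "krb5-kdc-ldap", "krb5-admin-server")


def _order(c):
    """Character weight dpkg uses for the non-digit runs of a version string."""
    if c == "~":
        return -1            # '~' sorts before everything, even end of string
    if c == "" or c.isdigit():
        return 0             # end of string / digit boundary
    if c.isalpha():
        return ord(c)        # letters sort before non-letters ...
    return ord(c) + 256      # ... which sort after all letters


def _verrevcmp(a, b):
    """dpkg's verrevcmp: compare alternating non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: character by character via _order.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: strip leading zeros, then longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split a Debian version into (epoch, upstream_version, debian_revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as a is older than, equal to or newer than b (dpkg semantics)."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        c = _verrevcmp(x, y)
        if c:
            return 1 if c > 0 else -1
    return 0


def parse_dpkg_query(text):
    r"""Parse lines of: dpkg-query -W -f='${Package}\t${Version}\t${Status}\n'
    Only packages whose status ends in 'installed' count; a removed package that
    left config files behind ('config-files') is not running vulnerable code."""
    installed = {}
    for line in text.splitlines():
        if line.strip():
            pkg, version, status = line.split("\t")
            if status.split()[-1] == "installed":
                installed[pkg] = version
    return installed


def evaluate(debian_release, installed):
    """Map each affected package to 'vulnerable', 'patched' or 'not installed'."""
    fixed = FIXED_VERSIONS[debian_release]
    verdicts = {}
    for pkg in AFFECTED_PACKAGES:
        version = installed.get(pkg)
        if version is None:
            verdicts[pkg] = "not installed"
        elif compare_versions(version, fixed) < 0:
            verdicts[pkg] = "vulnerable"
        else:
            verdicts[pkg] = "patched"
    return verdicts


# Constructed sample dpkg-query output for a Debian 8 host (not real data).
SAMPLE_DPKG_QUERY = (
    "krb5-admin-server\t1.12.1+dfsg-19\tinstall ok installed\n"
    "krb5-kdc\t1.12.1+dfsg-19+deb8u1\tinstall ok installed\n"
    "krb5-kdc-ldap\t1.12.1+dfsg-19\tdeinstall ok config-files\n"
)

if __name__ == "__main__":
    for pkg, verdict in evaluate("8", parse_dpkg_query(SAMPLE_DPKG_QUERY)).items():
        print(f"{pkg}: {verdict}")
```

On a real host, feed the output of `dpkg-query -W -f='${Package}\t${Version}\t${Status}\n' krb5-kdc krb5-kdc-ldap krb5-admin-server` to `parse_dpkg_query` and pass the major release from `/etc/debian_version` to `evaluate`. The comparator matters more than it looks: a naive string compare would rank `1.12.1+dfsg-19` above `1.12.1+dfsg-19+deb8u1` on length alone and would order a `~bpo` backport after the release it precedes, both of which would report a vulnerable KDC as patched.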