OVAL

DSA-3395-1 krb5 -- krb5

ID: oval:org.secpod.oval:def:602271
Date: (C)2015-11-17   (M)2023-12-07
Class: PATCH
Family: unix




Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-2695
It was discovered that applications which call gss_inquire_context on a partially-established SPNEGO context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash.

CVE-2015-2696
It was discovered that applications which call gss_inquire_context on a partially-established IAKERB context can cause the GSS-API library to read from a pointer using the wrong type, leading to a process crash.

CVE-2015-2697
It was discovered that the build_principal_va function incorrectly handles input strings. An authenticated attacker can take advantage of this flaw to cause a KDC to crash using a TGS request with a large realm field beginning with a null byte.

Platform:
Debian 8.x
Debian 7.x
Product:
krb5-kdc
krb5-kdc-ldap
krb5-admin-server
Reference:
DSA-3395-1
CVE-2015-2695
CVE-2015-2696
CVE-2015-2697
CPE    5
cpe:/a:mit:krb5-admin-server
cpe:/o:debian:debian_linux:7.x
cpe:/o:debian:debian_linux:8.x
cpe:/a:mit:krb5-kdc-ldap
...

© SecPod Technologies