Lucene search

MitreCVE-2015-2697

HistoryNov 09, 2015 - 3:59 a.m.

CVE-2015-2697

2015-11-0903:59:03

CWE-125

mitre

web.nvd.nist.gov

mit kerberos 5

build_principal_va

out-of-bounds read

denial of service

nvd

cve-2015-2697

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.835

Percentile

98.5%

JSON

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial ‘\0’ character in a long realm field within a TGS request.

Affected configurations

Nvd

Node

mitkerberos_5Range<1.14

Node

oraclesolarisMatch11.3

Node

canonicalubuntu_linuxMatch12.04-

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch15.04

canonicalubuntu_linuxMatch15.10

Node

debiandebian_linuxMatch7.0

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

opensuseleapMatch42.1

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_serverMatch12-

suselinux_enterprise_software_development_kitMatch12-

VendorProductVersionCPE
mitkerberos_5*cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
oraclesolaris11.3cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux15.04cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
canonicalubuntu_linux15.10cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
opensuseleap42.1cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mit	kerberos_5	*	cpe:2.3:a:mit:kerberos_5::::::::
oracle	solaris	11.3	cpe:2.3:o:oracle:solaris:11.3:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
canonical	ubuntu_linux	15.04	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
canonical	ubuntu_linux	15.10	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
opensuse	leap	42.1	cpe:2.3:o:opensuse:leap:42.1:::::::*