Lucene search

K

Veracode Vulnerability DatabaseVERACODE:7275

HistoryAug 13, 2018 - 3:20 a.m.

Denial Of Service (DoS)

2018-08-1303:20:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

17

EPSS

0.008

Percentile

82.3%

libkrb5.so is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the krb5_ldap_get_password_policy_from_dn function of plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c where an unauthenticated user can cause the daemon to crash through a successful LDAP query with no results.

References

advisories.mageia.org/MGASA-2014-0536.html

lists.fedoraproject.org/pipermail/package-announce/2015-April/155828.html

lists.opensuse.org/opensuse-updates/2015-03/msg00061.html

rhn.redhat.com/errata/RHSA-2015-0439.html

rhn.redhat.com/errata/RHSA-2015-0794.html

www.mandriva.com/security/advisories?name=MDVSA-2015:009

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/71679

www.securitytracker.com/id/1031376

www.ubuntu.com/usn/USN-2498-1

bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226

github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3

lists.debian.org/debian-lts-announce/2018/01/msg00040.html

EPSS

0.008

Percentile

82.3%

Related for VERACODE:7275

nessus23 openvas15 securityvulns2 cvelist1 ubuntucve1 debiancve1 prion1 mageia1 fedora4 nvd1 cve1 altlinux3 freebsd3 amazon1 centos2 veracode1 oraclelinux2 redhat2 ibm5 archlinux1 osv1 debian1 ubuntu1