5.3

CVE-2015-8629

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MitKerberos 5 Version < 1.13.4
MitKerberos 5 Version >= 1.14 < 1.14.1
OracleLinux Version6 Update-
OracleLinux Version7 Update-
OracleSolaris Version10
OracleSolaris Version11.3
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
OpensuseLeap Version42.1
OpensuseOpensuse Version13.2
RedhatEnterprise Linux Eus Version6.7
RedhatEnterprise Linux Eus Version7.2
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.66% 0.882
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:N/AC:H/Au:S/C:P/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Third Party Advisory
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8341
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2016-0493.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0532.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3466
Third Party Advisory
http://www.securityfocus.com/bid/82801
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034914
Third Party Advisory
VDB Entry
https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb
Patch
Third Party Advisory