CVE-2015-8631medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
References
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343
http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html
http://rhn.redhat.com/errata/RHSA-2016-0493.html
http://rhn.redhat.com/errata/RHSA-2016-0532.html
http://www.debian.org/security/2016/dsa-3466
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securitytracker.com/id/1034916
https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2
Details
Source: MITRE
Published: 2016-02-13
Updated: 2021-02-02
Type: CWE-772
Risk Information
CVSS v2
Base Score: 4
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8
Severity: MEDIUM
CVSS v3
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
Configuration 4
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Configuration 5
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 121679 | Photon OS 1.0: Krb5 PHSA-2017-0011 | Nessus | PhotonOS Local Security Checks | high |
| 111860 | Photon OS 1.0: Krb5 / Linux PHSA-2017-0011 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 99775 | EulerOS 2.0 SP1 : krb5 (EulerOS-SA-2016-1012) | Nessus | Huawei Local Security Checks | high |
| 90633 | Amazon Linux AMI : krb5 (ALAS-2016-691) | Nessus | Amazon Linux Local Security Checks | high |
| 90344 | Scientific Linux Security Update : krb5 on SL7.x x86_64 (20160404) | Nessus | Scientific Linux Local Security Checks | high |
| 90299 | RHEL 7 : krb5 (RHSA-2016:0532) | Nessus | Red Hat Local Security Checks | high |
| 90295 | Oracle Linux 7 : krb5 (ELSA-2016-0532) | Nessus | Oracle Linux Local Security Checks | high |
| 90275 | CentOS 7 : krb5 (CESA-2016:0532) | Nessus | CentOS Local Security Checks | high |
| 90145 | Scientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20160323) | Nessus | Scientific Linux Local Security Checks | medium |
| 90138 | OracleVM 3.3 / 3.4 : krb5 (OVMSA-2016-0039) | Nessus | OracleVM Local Security Checks | medium |
| 90122 | CentOS 6 : krb5 (CESA-2016:0493) | Nessus | CentOS Local Security Checks | medium |
| 90116 | RHEL 6 : krb5 (RHSA-2016:0493) | Nessus | Red Hat Local Security Checks | medium |
| 90112 | Oracle Linux 6 : krb5 (ELSA-2016-0493) | Nessus | Oracle Linux Local Security Checks | medium |
| 88886 | Debian DLA-423-1 : krb5 security update | Nessus | Debian Local Security Checks | medium |
| 88854 | openSUSE Security Update : krb5 (openSUSE-2016-230) | Nessus | SuSE Local Security Checks | high |
| 88708 | SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2016:0430-1) | Nessus | SuSE Local Security Checks | medium |
| 88707 | SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2016:0429-1) | Nessus | SuSE Local Security Checks | high |
| 88687 | openSUSE Security Update : krb5 (openSUSE-2016-181) | Nessus | SuSE Local Security Checks | high |
| 88581 | Debian DSA-3466-1 : krb5 - security update | Nessus | Debian Local Security Checks | high |