Detections
Analytics
Alpine: krb5: security update to 1.14-r1
medium Tenable Cloud Security Plugin ID 405089
Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:- The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before
1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows
remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds
read) via a crafted string. (CVE-2015-8629)
- The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c
in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow
remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by
specifying KADM5_POLICY with a NULL policy name. (CVE-2015-8630)
- Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before
1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory
consumption) via a request specifying a NULL principal name. (CVE-2015-8631)
See Also
https://security.alpinelinux.org/vuln/CVE-2015-8629
Plugin Details
Severity: Medium
ID: 405089
Version: Revision 1.25
Type: Local
Published: 10/31/2023
Updated: 4/13/2026
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N
CVSS Score Source: CVE-2015-8629
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 1/8/2016