CVE Vulnerabilities

CVE-2015-2696

Published: Nov 09, 2015 | Modified: Feb 02, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.

Affected Software

Name Vendor Start Version End Version
Kerberos_5 Mit * 1.14 (excluding)
Krb5 Ubuntu precise *
Krb5 Ubuntu trusty *
Krb5 Ubuntu trusty/esm *
Krb5 Ubuntu upstream *
Krb5 Ubuntu vivid *
Krb5 Ubuntu vivid/stable-phone-overlay *
Krb5 Ubuntu vivid/ubuntu-core *
Krb5 Ubuntu wily *

References