CVE-2015-8630 – krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
https://notcve.org/view.php?id=CVE-2015-8630
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name. Las funciones (1) kadm5_create_principal_3 y (2) kadm5_modify_principal en lib/kadm5/srv/svr_principal.c en kadmind en MIT Kerberos 5 (también conocido como krb5) 1.12.x y 1.13.x en versiones anteriores a 1.13.4 y 1.14.x en versiones anteriores a 1.14.1 permiten a usuarios remotos autenticados causar una denegación de servicio (referencia a puntero NULL y caída de demonio) mediante la especificación KADM5_POLICY con un nombre de política NULL. A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8342 http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html http://rhn.redhat.com/errata/RHSA-2016-0532.html http://www.debian.org/security/2016/dsa-3466 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1034915 https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b https://access.red • CWE-476: NULL Pointer Dereference •
CVE-2015-8631 – krb5: Memory leak caused by supplying a null principal name in request
https://notcve.org/view.php?id=CVE-2015-8631
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name. Múltiples pérdidas de memoria en kadmin/server/server_stubs.c en kadmind en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.13.4 y 1.14.x en versiones anteriores a 1.14.1 permiten a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria) a través de una solicitud especificando un nombre principal NULL. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343 http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html http://rhn.redhat.com/errata/RHSA-2016-0493.html http://rhn.redhat.com/errata/RHSA-2016-0532.html http://www.debian.org/security/2016/dsa-3466 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html http://www.securitytracker.com/id/1034916 https://github.com/krb5/krb5 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2015-2697
https://notcve.org/view.php?id=CVE-2015-2697
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request. La función build_principal_va en lib/krb5/krb/bld_princ.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 permite a usuarios remotos autenticados provocar una denegación de servicio (lectura fuera de rango y caída de KDC) a través de un carácter inicial '\0' en un campo realm largo dentro de una solicitud TGS. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.debian.org/security/2015/dsa-3395 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/77581 http://www.securitytracker.com/id/1034084 http://w • CWE-125: Out-of-bounds Read •
CVE-2015-2696
https://notcve.org/view.php?id=CVE-2015-2696
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call. lib/gssapi/krb5/iakerb.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo cual permite a atacantes remotos provocar una denegación de servicio (lectura de puntero incorrecto y caída de proceso) a través de un paquete IAKERB manipulado que no es manejado correctamente durante una llamada a gss_inquire_context. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.debian.org/security/2015/dsa-3395 http://www.securityfocus.com/bid/90675 http://www.securitytracker.com/id/1034084 http://www.ubuntu.com/usn/USN-2810-1 https://github.com/krb5/krb5/commit/ • CWE-18: DEPRECATED: Source Code •
CVE-2015-2695
https://notcve.org/view.php?id=CVE-2015-2695
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call. lib/gssapi/spnego/spnego_mech.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo que permite a atacantes remotos provocar una denegación de servicio (lectura de puntero incorrecto y caída de proceso) a través de un paquete SPNEGO manipulado que no es manejado correctamente durante una llamada a gss_inquire_context. • http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html http://www.debian.org/security/2015/dsa-3395 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus& • CWE-763: Release of Invalid Pointer or Reference •