CVE-2015-2696
Ubuntu Security Notice USN-2810-1
Severity Score
Exploit Likelihood
Affected Versions
14Public Exploits
0Exploited in Wild
-Decision
Descriptions
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.
lib/gssapi/krb5/iakerb.c en MIT Kerberos 5 (también conocido como krb5) en versiones anteriores a 1.14 confía en un manejo de contexto inapropiado, lo cual permite a atacantes remotos provocar una denegación de servicio (lectura de puntero incorrecto y caída de proceso) a través de un paquete IAKERB manipulado que no es manejado correctamente durante una llamada a gss_inquire_context.
It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-03-24 CVE Reserved
- 2015-11-09 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-18: DEPRECATED: Source Code
CAPEC
References (10)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 | 2021-02-02 | |
| http://lists.opensuse.org/opensuse-security-announce/2015-... | 2021-02-02 | |
| http://lists.opensuse.org/opensuse-security-announce/2015-... | 2021-02-02 | |
| http://lists.opensuse.org/opensuse-security-announce/2015-... | 2021-02-02 | |
| http://www.debian.org/security/2015/dsa-3395 | 2021-02-02 | |
| http://www.ubuntu.com/usn/USN-2810-1 | 2021-02-02 | |
| https://security.gentoo.org/glsa/201611-14 | 2021-02-02 |