Denial of Service Vulnerability in MIT Kerberos 5 Product
CVE-2015-2696

Currently unrated

Key Information:

Vendor

MIT

CVE Published:
9 November 2015

What is CVE-2015-2696?

The vulnerability resides in the IAKERB handling in lib/gssapi/krb5/iakerb.c of MIT Kerberos 5, in versions prior to 1.14. Because of improper context handle management, a specially crafted IAKERB packet is mishandled during a gss_inquire_context call, resulting in incorrect pointer reads and potentially crashing the process. This allows remote attackers to disrupt service, leaving Kerberos 5 unable to function correctly for dependent applications.

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
