Remote Denial of Service Vulnerability in MIT Kerberos 5
CVE-2015-2697

Key Information:

Vendor: MIT

CVE Published: 9 November 2015

What is CVE-2015-2697?

The build_principal_va function in the MIT Kerberos 5 library prior to version 1.14 is susceptible to a denial of service attack. An authenticated attacker can trigger the flaw by sending a specially crafted TGS request whose long realm field begins with a null character. This can cause an out-of-bounds read and potentially crash the Key Distribution Center (KDC), affecting the availability of the service.

EPSS Score

6% chance of being exploited in the next 30 days.
