Memory Corruption Vulnerability in MIT Kerberos 5 by MIT
CVE-2015-2698

Currently unrated

Key Information:

Vendor: Mit
Status: Kerberos 5
Vendor: CVE Published:; 13 November 2015

What is CVE-2015-2698?

The iakerb_gss_export_sec_context function in MIT Kerberos 5 can be exploited due to improper pointer access in lib/gssapi/krb5/iakerb.c, leading to a potential denial of service or other unspecified impacts for remote authenticated users. This issue arises from an incorrect fix for a previous vulnerability, emphasizing the importance of robust security measures in applications utilizing GSSAPI.

References

https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6b...

x_refsource_CONFIRM

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-updates/2015-11/msg001...

vendor-advisoryx_refsource_SUSE

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2015
Vulnerability Reserved
Mar 24, 2015

CVE-2015-2698 Data

JSON

Mit

What is CVE-2015-2698?

References

Timeline