Out-of-Bounds Read Vulnerability in MIT Kerberos 5 Kadmind
CVE-2015-8629

5.3MEDIUM

Key Information:

Vendor

Mit

Status
Kerberos 5
Vendor
CVE Published:
13 February 2016

What is CVE-2015-8629?

The xdr_nullstring function in kadmind within MIT Kerberos 5 fails to properly verify the presence of '\0' characters in input strings. As a result, this flaw can allow remote authenticated users to perform out-of-bounds reads, potentially leading to the unauthorized disclosure of sensitive information or creating conditions that may result in a denial of service.

References

http://www.debian.org/security/2016/dsa-3466
vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/82801
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/topics/security/linuxbu...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.