Denial of Service in MIT Kerberos 5 Affected by Null Policy Name
CVE-2015-8630

7.5 HIGH

Key Information:

Vendor: MIT

CVE Published: 13 February 2016

What is CVE-2015-8630?

The kadm5_create_principal_3 and kadm5_modify_principal functions in MIT Kerberos 5 contain a vulnerability that allows remote authenticated users to cause a denial of service through a NULL pointer dereference. It occurs when a user specifies KADM5_POLICY with a NULL policy name, which crashes the kadmind daemon. Users of affected versions should apply the necessary updates to protect their systems against this issue.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
