Memory Leak Vulnerability in MIT Kerberos 5 Affects Remote Authentication
CVE-2015-8631

6.5 MEDIUM

Key Information:

Vendor: MIT
CVE Published: 13 February 2016

What is CVE-2015-8631?

A vulnerability exists within the kadmind component of MIT Kerberos 5 that leads to multiple memory leaks. These leaks occur in the kadmin/server/server_stubs.c file, allowing remote authenticated users to trigger significant memory consumption. This can ultimately result in denial of service, impacting the availability of services that rely on Kerberos for authentication. An attacker can exploit this vulnerability by sending a request that specifies a NULL principal name, forcing the system to consume an excessive amount of memory.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
