what you don't know can hurt you

Debian Security Advisory 3466-1

Debian Security Advisory 3466-1
Posted Feb 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3466-1 - Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-8629, CVE-2015-8630, CVE-2015-8631
MD5 | ba861ba2d6603aac43ff3639b80aaa3a

Debian Security Advisory 3466-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3466-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 04, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : krb5
CVE ID : CVE-2015-8629 CVE-2015-8630 CVE-2015-8631
Debian Bug : 813126 813127 813296

Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2015-8629

It was discovered that an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string
without a terminating zero byte. Information leakage may be possible
for an attacker with permission to modify the database.

CVE-2015-8630

It was discovered that an authenticated attacker with permission to
modify a principal entry can cause kadmind to dereference a null
pointer by supplying a null policy value but including KADM5_POLICY
in the mask.

CVE-2015-8631

It was discovered that an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which
uses one. Repeating these requests will eventually cause kadmind to
exhaust all available memory.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.10.1+dfsg-5+deb7u7. The oldstable distribution (wheezy) is
not affected by CVE-2015-8630.

For the stable distribution (jessie), these problems have been fixed in
version 1.12.1+dfsg-19+deb8u2.

We recommend that you upgrade your krb5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWs7yCAAoJEAVMuPMTQ89E6zkP/0QCDJ5v0GGvYo0wzd9Kkj8c
S7jXr1N34kFZCggbVF20C7d0BYYLmrDfyfyQAhDIcnzwbe0NQpyR5sAr3qv8v/xk
4OOTlR/l0DBPwxscGbBI1dIYCFBk/w6Q0f57mbz/QQiGiY/Xnjfd9fs7Muqs4hAb
/j4ToBmEUY6tmyS0PZGoyYBYM/zkVPxLT7xjPu9vEtbb2unZhghos2dtaJHVvk7U
YjdA25CTWAR2ige38v8Ml+sRsU7UNMmXzhDaeBBhEOKuEBfKycwgfRHaBk7k0YXy
0j89+AZdGLs7kn7YY9QUh3Af+a3L7oiXJ0TG4F9hqhNCkG954B5LAqYmkAh7jBmP
I9CoIO4+uyjQB253gIx7DdWrAel+JbQy8g8+kgHaUaY8wfIoFZ1YRgsGzRSnH8PK
2oGk1XaqVpQYqVP/Gc3FBg9r4TJIsPOlFIkQivtmbg65wSH/LLrCa0DyU5yAVZuM
0+0XfDHIDMZqe7Z6+FppHozk7AhB++kSuZF17I0IJR/edARsJPw61Q3tQF4Vormu
h7rNfh7Br5bRA6//xsnWsKA26ZR238NH3YUk12Cw2B1cH4nbSba0Dss3G90jQxZn
eYu3C1XeNTsaGeAPEKKYty/GxW/gQCWvLbvM6AqnIxDhwqjVVo18WjUoFQDZW6aa
YHpYvqcqBRxjFizxH7D2
=X2oA
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close