CVE-2015-2694

Related Files

Red Hat Security Advisory 2015-2154-07

Posted Nov 20, 2015

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2154-07 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request.

tags | advisory, remote

systems | linux, redhat

advisories | CVE-2014-5355, CVE-2015-2694

SHA-256 | 5ad980f4c68fede003281d3f75b3cf69921e4939654d38992cb7f8254c273b7d

Download | Favorite | View

Ubuntu Security Notice USN-2810-1

Posted Nov 12, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2810-1 - It was discovered that the Kerberos kpasswd service incorrectly handled certain UDP packets. A remote attacker could possibly use this issue to cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. It was discovered that Kerberos incorrectly handled null bytes in certain data fields. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, udp

systems | linux, ubuntu

advisories | CVE-2002-2443, CVE-2014-5355, CVE-2015-2694, CVE-2015-2695, CVE-2015-2696, CVE-2015-2697, CVE-2015-2698

SHA-256 | 54cd41e88f3b572fc0172f18b2a69d4bc309121aab39e9d9df3fcb5f00087252

Download | Favorite | View