Vulnerabilities > CVE-2015-8629 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 2.1 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
high complexity
mit
oracle
debian
opensuse
redhat
CWE-125
nessus

Summary

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

Vulnerable Configurations

Part Description Count
Application
Mit
94
OS
Oracle
4
OS
Debian
2
OS
Opensuse
2
OS
Redhat
22

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0430-1.NASL
    descriptionThis update for krb5 fixes the following issues : - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88708
    published2016-02-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88708
    titleSUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2016:0430-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:0430-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(88708);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2015-8629", "CVE-2015-8631");
    
      script_name(english:"SUSE SLED11 / SLES11 Security Update : krb5 (SUSE-SU-2016:0430-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for krb5 fixes the following issues :
    
      - CVE-2015-8629: Information leak authenticated attackers
        with permissions to modify the database (bsc#963968)
    
      - CVE-2015-8631: An authenticated attacker could have
        caused a memory leak in auditd by supplying a null
        principal name in request (bsc#963975)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963968"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8629/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8631/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20160430-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1c7f81de"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4 :
    
    zypper in -t patch sdksp4-krb5-12397=1
    
    SUSE Linux Enterprise Server 11-SP4 :
    
    zypper in -t patch slessp4-krb5-12397=1
    
    SUSE Linux Enterprise Desktop 11-SP4 :
    
    zypper in -t patch sledsp4-krb5-12397=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4 :
    
    zypper in -t patch dbgsp4-krb5-12397=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-apps-clients");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-apps-servers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:krb5-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"krb5-32bit-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-apps-clients-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-apps-servers-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-client-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"krb5-server-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"krb5-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"krb5-client-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"x86_64", reference:"krb5-32bit-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"krb5-1.6.3-133.49.106.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"4", cpu:"i586", reference:"krb5-client-1.6.3-133.49.106.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0039.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2015-8629, CVE-2015-8631) - Also fix a spec trigger issue that prevents building - Resolves: #1306973
    last seen2020-06-01
    modified2020-06-02
    plugin id90138
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90138
    titleOracleVM 3.3 / 3.4 : krb5 (OVMSA-2016-0039)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2016-0039.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90138);
      script_version("2.13");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2014-5353", "CVE-2014-5355", "CVE-2015-8629", "CVE-2015-8631");
      script_bugtraq_id(71679, 74042);
    
      script_name(english:"OracleVM 3.3 / 3.4 : krb5 (OVMSA-2016-0039)");
      script_summary(english:"Checks the RPM output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Fix (CVE-2015-8629, CVE-2015-8631)
    
      - Also fix a spec trigger issue that prevents building
    
      - Resolves: #1306973"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2016-March/000445.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e07cde0a"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2016-March/000450.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ce35e9e3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected krb5-libs package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:krb5-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"krb5-libs-1.10.3-42z1.el6_7")) flag++;
    
    if (rpm_check(release:"OVS3.4", reference:"krb5-libs-1.10.3-42z1.el6_7")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-libs");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160404_KRB5_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) - An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) - A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630)
    last seen2020-03-18
    modified2016-04-05
    plugin id90344
    published2016-04-05
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90344
    titleScientific Linux Security Update : krb5 on SL7.x x86_64 (20160404)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90344);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2015-8629", "CVE-2015-8630", "CVE-2015-8631");
    
      script_name(english:"Scientific Linux Security Update : krb5 on SL7.x x86_64 (20160404)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - A memory leak flaw was found in the krb5_unparse_name()
        function of the MIT Kerberos kadmind service. An
        authenticated attacker could repeatedly send specially
        crafted requests to the server, which could cause the
        server to consume large amounts of memory resources,
        ultimately leading to a denial of service due to memory
        exhaustion. (CVE-2015-8631)
    
      - An out-of-bounds read flaw was found in the kadmind
        service of MIT Kerberos. An authenticated attacker could
        send a maliciously crafted message to force kadmind to
        read beyond the end of allocated memory, and write the
        memory contents to the KDC database if the attacker has
        write permission, leading to information disclosure.
        (CVE-2015-8629)
    
      - A NULL pointer dereference flaw was found in the
        procedure used by the MIT Kerberos kadmind service to
        store policies: the kadm5_create_principal_3() and
        kadm5_modify_principal() function did not ensure that a
        policy was given when KADM5_POLICY was set. An
        authenticated attacker with permissions to modify the
        database could use this flaw to add or modify a
        principal with a policy set to NULL, causing the kadmind
        service to crash. (CVE-2015-8630)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1604&L=scientific-linux-errata&F=&S=&P=76
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1dbfa680"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:krb5-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:krb5-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:krb5-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:krb5-pkinit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:krb5-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:krb5-server-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:krb5-workstation");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"krb5-debuginfo-1.13.2-12.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"krb5-devel-1.13.2-12.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"krb5-libs-1.13.2-12.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"krb5-pkinit-1.13.2-12.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"krb5-server-1.13.2-12.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"krb5-server-ldap-1.13.2-12.el7_2")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"krb5-workstation-1.13.2-12.el7_2")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5-debuginfo / krb5-devel / krb5-libs / krb5-pkinit / krb5-server / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-0429-1.NASL
    descriptionThis update for krb5 fixes the following issues : - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id88707
    published2016-02-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88707
    titleSUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2016:0429-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1012.NASL
    descriptionAccording to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion.(CVE-2015-8631) - An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) - A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-05-01
    plugin id99775
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99775
    titleEulerOS 2.0 SP1 : krb5 (EulerOS-SA-2016-1012)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0532.NASL
    descriptionFrom Red Hat Security Advisory 2016:0532 : An update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) * An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) * A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.
    last seen2020-06-01
    modified2020-06-02
    plugin id90295
    published2016-04-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90295
    titleOracle Linux 7 : krb5 (ELSA-2016-0532)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0493.NASL
    descriptionFrom Red Hat Security Advisory 2016:0493 : Updated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id90112
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90112
    titleOracle Linux 6 : krb5 (ELSA-2016-0493)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-181.NASL
    descriptionThis update for krb5 fixes the following issues : - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975)
    last seen2020-06-05
    modified2016-02-11
    plugin id88687
    published2016-02-11
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88687
    titleopenSUSE Security Update : krb5 (openSUSE-2016-181)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-423.NASL
    descriptionCVE-2015-8629 It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database. CVE-2015-8631 It was discovered that an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2016-02-23
    plugin id88886
    published2016-02-23
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88886
    titleDebian DLA-423-1 : krb5 security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-D9D394D999.NASL
    descriptionFix three kadmin vulnerabilities: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89620
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89620
    titleFedora 23 : krb5-1.14-7.fc23 (2016-d9d394d999)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-35492207CB.NASL
    descriptionFix three kadmin vulnerabilities: CVE-2015-8629, CVE-2015-8630, CVE-2015-8631 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89512
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89512
    titleFedora 22 : krb5-1.13.2-13.fc22 (2016-35492207cb)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0532.NASL
    descriptionAn update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) * An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) * A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.
    last seen2020-06-01
    modified2020-06-02
    plugin id90299
    published2016-04-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90299
    titleRHEL 7 : krb5 (RHSA-2016:0532)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160323_KRB5_ON_SL6_X.NASL
    descriptionA memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
    last seen2020-03-18
    modified2016-03-24
    plugin id90145
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90145
    titleScientific Linux Security Update : krb5 on SL6.x i386/x86_64 (20160323)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-691.NASL
    descriptionAn out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631)
    last seen2020-06-01
    modified2020-06-02
    plugin id90633
    published2016-04-22
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90633
    titleAmazon Linux AMI : krb5 (ALAS-2016-691)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0532.NASL
    descriptionAn update for krb5 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es) : * A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) * An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) * A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.
    last seen2020-06-01
    modified2020-06-02
    plugin id90275
    published2016-04-01
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90275
    titleCentOS 7 : krb5 (CESA-2016:0532)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-230.NASL
    descriptionThis update for krb5 fixes the following issues : - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database (bsc#963968) - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash (bsc#963964) - CVE-2015-8631: An authenticated attacker could have caused a memory leak in auditd by supplying a null principal name in request (bsc#963975) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2016-02-19
    plugin id88854
    published2016-02-19
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/88854
    titleopenSUSE Security Update : krb5 (openSUSE-2016-230)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0493.NASL
    descriptionUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id90116
    published2016-03-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90116
    titleRHEL 6 : krb5 (RHSA-2016:0493)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0493.NASL
    descriptionUpdated krb5 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631) An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629) The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, running Kerberos services (krb5kdc, kadmin, and kprop) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id90122
    published2016-03-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90122
    titleCentOS 6 : krb5 (CESA-2016:0493)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3466.NASL
    descriptionSeveral vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-8629 It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database. - CVE-2015-8630 It was discovered that an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask. - CVE-2015-8631 It was discovered that an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory.
    last seen2020-06-01
    modified2020-06-02
    plugin id88581
    published2016-02-05
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88581
    titleDebian DSA-3466-1 : krb5 - security update

Redhat

advisories
  • rhsa
    idRHSA-2016:0493
  • rhsa
    idRHSA-2016:0532
rpms
  • krb5-debuginfo-0:1.10.3-42z1.el6_7
  • krb5-devel-0:1.10.3-42z1.el6_7
  • krb5-libs-0:1.10.3-42z1.el6_7
  • krb5-pkinit-openssl-0:1.10.3-42z1.el6_7
  • krb5-server-0:1.10.3-42z1.el6_7
  • krb5-server-ldap-0:1.10.3-42z1.el6_7
  • krb5-workstation-0:1.10.3-42z1.el6_7
  • krb5-debuginfo-0:1.13.2-12.el7_2
  • krb5-devel-0:1.13.2-12.el7_2
  • krb5-libs-0:1.13.2-12.el7_2
  • krb5-pkinit-0:1.13.2-12.el7_2
  • krb5-server-0:1.13.2-12.el7_2
  • krb5-server-ldap-0:1.13.2-12.el7_2
  • krb5-workstation-0:1.13.2-12.el7_2