CVE-2015-2695

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-2695
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html Mailing List Third Party Advisory
http://www.debian.org/security/2015/dsa-3395 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.securityfocus.com/bid/90687 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034084 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2810-1 Third Party Advisory
https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d Patch Third Party Advisory
https://security.gentoo.org/glsa/201611-14 Third Party Advisory
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html Mailing List Third Party Advisory
http://www.debian.org/security/2015/dsa-3395 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory
http://www.securityfocus.com/bid/90687 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1034084 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2810-1 Third Party Advisory
https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d Patch Third Party Advisory
https://security.gentoo.org/glsa/201611-14 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
History

21 Nov 2024, 02:27

Type Values Removed Values Added
References () http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 - Vendor Advisory () http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244 - Vendor Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00006.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00007.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00014.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00022.html - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2015/dsa-3395 - Third Party Advisory () http://www.debian.org/security/2015/dsa-3395 - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - Third Party Advisory
References () http://www.securityfocus.com/bid/90687 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/90687 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1034084 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1034084 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-2810-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-2810-1 - Third Party Advisory
References () https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d - Patch, Third Party Advisory () https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d - Patch, Third Party Advisory
References () https://security.gentoo.org/glsa/201611-14 - Third Party Advisory () https://security.gentoo.org/glsa/201611-14 - Third Party Advisory
Information

Published : 2015-11-09 03:59

Updated : 2024-11-21 02:27

NVD link : CVE-2015-2695

Mitre link : CVE-2015-2695

CVE.ORG link : CVE-2015-2695

JSON object : View

Products Affected

opensuse

  • opensuse
  • leap

suse

  • linux_enterprise_software_development_kit
  • linux_enterprise_server
  • linux_enterprise_desktop

canonical

  • ubuntu_linux

mit

  • kerberos_5

debian

  • debian_linux

oracle

  • solaris
CWE
CWE-763

Release of Invalid Pointer or Reference


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024