CVE-2015-8631 — MEDIUM (6.5)

Q: How severe is CVE-2015-8631?

CVE-2015-8631 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8631?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Opensuse Leap, Opensuse Opensuse, Debian Debian Linux, Redhat Enterprise Linux Desktop.

Vulnerability Description

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mit	Kerberos 5	< 1.13.4
Opensuse	Leap	42.1
Opensuse	Opensuse	13.2
Debian	Debian Linux	7.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	6.7
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	7.2
Redhat	Enterprise Linux Server Tus	7.2
Redhat	Enterprise Linux Workstation	6.0
Oracle	Linux	6

Related Weaknesses (CWE)

CWE-772

References

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0493.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0532.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3466Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.hThird Party Advisory
http://www.securitytracker.com/id/1034916Third Party AdvisoryVDB Entry
https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2PatchThird Party Advisory
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0493.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0532.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3466Third Party Advisory

FAQ

What is CVE-2015-8631?

CVE-2015-8631 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memo...

How severe is CVE-2015-8631?

CVE-2015-8631 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8631?

Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Opensuse Leap, Opensuse Opensuse, Debian Debian Linux, Redhat Enterprise Linux Desktop.