Debian Security Advisory
DLA-423-1 krb5 -- LTS security update
- Date Reported: 22 Feb 2016
- Affected Packages: krb5
- Vulnerable: Yes
- Security database references:
In the Debian bugtracking system: Bug 813126, Bug 813296.
In Mitre's CVE dictionary: CVE-2015-8629, CVE-2015-8631.
- More information:
- CVE-2015-8629
It was discovered that an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database.
- CVE-2015-8631
It was discovered that an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory.
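The kind of input check the CVE-2015-8629 description calls for, as an added example that is not krb5's code or its patch: a length-delimited string field is accepted only if it ends in a zero byte and contains no earlier one. The function names, `MAX_FIELD` and the sample fields are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FIELD 4096  /* assumed upper bound for one string field */

/* Before: copies `size` bytes and hands them back as a C string.
 * If the sender omitted the trailing '\0', any later strlen()/strcpy()
 * on the result reads past the end of the allocation. */
char *decode_string_unchecked(const uint8_t *wire, size_t size)
{
    char *s;
    if (size == 0 || size > MAX_FIELD)
        return NULL;
    s = malloc(size);
    if (s != NULL)
        memcpy(s, wire, size);
    return s;
}

/* After: the same copy, but the field is rejected unless its last byte
 * is '\0' and no '\0' appears earlier, so strlen(s) == size - 1 holds. */
char *decode_string_checked(const uint8_t *wire, size_t size)
{
    char *s;
    if (size == 0 || size > MAX_FIELD)
        return NULL;
    if (wire[size - 1] != '\0')                 /* missing terminator */
        return NULL;
    if (memchr(wire, '\0', size - 1) != NULL)   /* embedded terminator */
        return NULL;
    s = malloc(size);
    if (s != NULL)
        memcpy(s, wire, size);
    return s;
}

/* Constructed sample fields (not captured traffic). */
static const uint8_t good_field[] = { 'a', 'd', 'm', 'i', 'n', '\0' };
static const uint8_t bad_field[]  = { 'a', 'd', 'm', 'i', 'n' };

int main(void)
{
    char *ok  = decode_string_checked(good_field, sizeof good_field);
    char *bad = decode_string_checked(bad_field, sizeof bad_field);
    int rc = (ok != NULL && strlen(ok) == 5 && bad == NULL) ? 0 : 1;
    free(ok);
    free(bad);
    return rc;
}
```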