CVE-2015-2695

2015-11-0903:59:00

CWE-763

[email protected]

web.nvd.nist.gov

cve-2015-2695

mit kerberos 5

krb5

denial of service

spnego packet

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.095 Low

EPSS

Percentile

94.7%

JSON

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

CPENameOperatorVersion
mit:kerberos_5mit kerberos 5lt1.14
oracle:solarisoracle solariseq11.3
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0
debian:debian_linuxdebian debian linuxeq9.0
suse:linux_enterprise_serversuse linux enterprise servereq11

CPE	Name	Operator	Version
mit:kerberos_5	mit kerberos 5	lt	1.14
oracle:solaris	oracle solaris	eq	11.3
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
debian:debian_linux	debian debian linux	eq	8.0
debian:debian_linux	debian debian linux	eq	7.0
debian:debian_linux	debian debian linux	eq	9.0
suse:linux_enterprise_server	suse linux enterprise server	eq	11