CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.835 High
Percentile: 98.4%
Package : krb5
Version : 1.8.3+dfsg-4squeeze10
CVE ID : CVE-2015-2695 CVE-2015-2697
Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2015-2695
It was discovered that applications which call gss_inquire_context()
on a partially-established SPNEGO context can cause the GSS-API
library to read from a pointer using the wrong type, leading to a
process crash.
CVE-2015-2697
It was discovered that the build_principal_va() function incorrectly
handles input strings. An authenticated attacker can take advantage
of this flaw to cause a KDC to crash using a TGS request with a
large realm field beginning with a null byte.
For the oldoldstable distribution (squeeze), these problems have been
fixed in version 1.8.3+dfsg-4squeeze10.
We recommend that you upgrade your krb5 packages.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | krb5-kdc-ldap | < 1.8.3+dfsg-4squeeze10 | krb5-kdc-ldap_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | libgssapi-krb5-2 | < 1.8.3+dfsg-4squeeze10 | libgssapi-krb5-2_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | libkrb5support0 | < 1.8.3+dfsg-4squeeze10 | libkrb5support0_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | libkadm5clnt-mit7 | < 1.8.3+dfsg-4squeeze10 | libkadm5clnt-mit7_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | krb5-user | < 1.8.3+dfsg-4squeeze10 | krb5-user_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | libk5crypto3 | < 1.8.3+dfsg-4squeeze10 | libk5crypto3_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | libkrb53 | < 1.8.3+dfsg-4squeeze10 | libkrb53_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | krb5-pkinit | < 1.8.3+dfsg-4squeeze10 | krb5-pkinit_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | libgssrpc4 | < 1.8.3+dfsg-4squeeze10 | libgssrpc4_1.8.3+dfsg-4squeeze10_all.deb |
Debian | 6 | all | libkrb5-dev | < 1.8.3+dfsg-4squeeze10 | libkrb5-dev_1.8.3+dfsg-4squeeze10_all.deb |