Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3395-1
HistoryNov 06, 2015 - 12:00 a.m.

krb5 - security update

2015-11-0600:00:00
Google
osv.dev
8

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.829 High

EPSS

Percentile

97.9%

JSON

Several vulnerabilities were discovered in krb5, the MIT implementation
of Kerberos. The Common Vulnerabilities and Exposures project identifies
the following problems:

  • CVE-2015-2695
    It was discovered that applications which call gss_inquire_context()
    on a partially-established SPNEGO context can cause the GSS-API
    library to read from a pointer using the wrong type, leading to a
    process crash.
  • CVE-2015-2696
    It was discovered that applications which call gss_inquire_context()
    on a partially-established IAKERB context can cause the GSS-API
    library to read from a pointer using the wrong type, leading to a
    process crash.
  • CVE-2015-2697
    It was discovered that the build_principal_va() function incorrectly
    handles input strings. An authenticated attacker can take advantage
    of this flaw to cause a KDC to crash using a TGS request with a
    large realm field beginning with a null byte.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.10.1+dfsg-5+deb7u4.

For the stable distribution (jessie), these problems have been fixed in
version 1.12.1+dfsg-19+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 1.13.2+dfsg-3.

For the unstable distribution (sid), these problems have been fixed in
version 1.13.2+dfsg-3.

We recommend that you upgrade your krb5 packages.

CPENameOperatorVersion
krb5eq1.12.1+dfsg-19

Related

suse 5
nessus 12
osv 2
openvas 14
fedora 3
debian 5
mageia 2
gentoo 1
ibm 3
ubuntu 1
altlinux 3
debiancve 4
prion 4
ubuntucve 4
cve 4
suse
suse
Security update for krb5 (important)
2015-11-16 11:12:28
Security update for krb5 (important)
2015-11-06 18:12:23
Security update for krb5 (important)
2015-11-04 10:11:32
nessus
nessus
SUSE SLED12 / SLES12 Security Update : krb5 (SUSE-SU-2015:1897-1)
2015-11-05 00:00:00
Fedora 23 : krb5-1.13.2-12.fc23 (2015-be1b87a3b7)
2016-03-04 00:00:00
openSUSE Security Update : krb5 (openSUSE-2015-740)
2015-11-20 00:00:00
osv
osv
krb5 - security update
2015-11-06 00:00:00
krb5 - security update
2015-11-07 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1897-1)
2021-04-19 00:00:00
SUSE: Security Advisory for krb5 (SUSE-SU-2015:1897-1)
2015-11-05 00:00:00
openSUSE: Security Advisory for krb5 (openSUSE-SU-2015:1928-1)
2015-11-07 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: krb5-1.13.2-12.fc23
2015-11-02 18:55:23
[SECURITY] Fedora 22 Update: krb5-1.13.2-10.fc22
2015-11-19 12:25:51
[SECURITY] Fedora 21 Update: krb5-1.12.2-19.fc21
2015-11-24 22:51:08
debian
debian
[SECURITY] [DSA 3395-1] krb5 security update
2015-11-06 19:49:54
[SECURITY] [DSA 3395-1] krb5 security update
2015-11-06 19:50:12
[SECURITY] [DLA 340-1] krb5 security update
2015-11-07 18:23:24
mageia
mageia
Updated krb5 packages fix security vulnerabilities
2015-11-07 23:11:27
Updated krb5 packages fix CVE-2015-2698
2015-11-17 00:36:58
gentoo
gentoo
MIT Kerberos 5: Multiple vulnerabilities
2016-11-20 00:00:00
ibm
ibm
Security Bulletin: OpenSource MIT Kerberos Vulnerabilities affect IBM Security Access Manager for Web (CVE-2015-2695, CVE-2015-2696)
2018-06-16 21:41:47
Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos
2022-06-02 13:24:33
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
ubuntu
ubuntu
Kerberos vulnerabilities
2015-11-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package krb5 version 1.14.2-alt1
2016-04-26 00:00:00
Security fix for the ALT Linux 9 package krb5 version 1.14.2-alt1
2016-04-25 00:00:00
Security fix for the ALT Linux 7 package krb5 version 1.13.7-alt0.M70P.1
2017-04-13 00:00:00
debiancve
debiancve
CVE-2015-2696
2015-11-09 03:59:00
CVE-2015-2697
2015-11-09 03:59:00
CVE-2015-2695
2015-11-09 03:59:00
prion
prion
Design/Logic Flaw
2015-11-09 03:59:00
Design/Logic Flaw
2015-11-09 03:59:00
Out-of-bounds
2015-11-09 03:59:00
ubuntucve
ubuntucve
CVE-2015-2697
2015-11-08 00:00:00
CVE-2015-2695
2015-11-08 00:00:00
CVE-2015-2698
2015-11-06 00:00:00
cve
cve
CVE-2015-2697
2015-11-09 03:59:00
CVE-2015-2696
2015-11-09 03:59:00
CVE-2015-2695
2015-11-09 03:59:00

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.829 High

EPSS

Percentile

97.9%

JSON
Related for OSV:DSA-3395-1
suse5nessus12osv2openvas14fedora3debian5mageia2gentoo1ibm3ubuntu1altlinux3debiancve4prion4ubuntucve4cve4