4 matches found
SUSE CVE-2015-8629
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service...
krb5: xdr_nullstring() doesn't check for terminating null character
An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission,...
MIT Kerberos 5 kadmind denial of service vulnerability
MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT) in the United States. It uses a client/server structure, and the client and server can authenticate each other (i.e., mutual authentication) to prevent...
CVE-2015-8629
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service...