CVE-2015-2698
published 2015-11-13
CVE-2015-2698: The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain…
Priority P336, high; 8.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:C/I:C/A:C
EPSS: 2.89% (85.2th percentile)
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.13.2+dfsg-4 (bookworm) | krb5 1.13.2+dfsg-4 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.13.2+dfsg-4 | 1.13.2+dfsg-4 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-4 | 1.13.2+dfsg-4 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-4 | 1.13.2+dfsg-4 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-4 | 1.13.2+dfsg-4 |
| mit | krb5 | >= 0 < 1.12+dfsg-2ubuntu5.2 | 1.12+dfsg-2ubuntu5.2 |
CVSS provenance
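| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
| osv | — | 7.1 | HIGH | — |
| vendor_debian | — | 7.1 | HIGH | — |
| vendor_redhat | — | 7.1 | HIGH | — |
| vendor_ubuntu | — | 5.0 | MEDIUM | — |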
Ubuntu
Kerberos vulnerabilities
vendor_ubuntu·2015-11-12·CVSS 5.0
CVE-2002-2443 [MEDIUM] Kerberos vulnerabilities
Title: Kerberos vulnerabilities
Summary: Several security issues were fixed in Kerberos.
It was discovered that the Kerberos kpasswd service incorrectly handled
certain UDP packets. A remote attacker could possibly use this issue to
cause resource consumption, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
It was discovered that Kerberos incorrectly handled null bytes in certain
data fields. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-5355)
It was discovered that the Kerberos kdcpreauth modules incorrectly tracked
certain client requests. A remote attacker could possibly use this issue
to bypass intended preauthentication requirements
Red Hat
krb5: IAKERB context export/import
vendor_redhat·2015-11-01·CVSS 7.1
CVE-2015-2698 [HIGH] CWE-843 krb5: IAKERB context export/import
krb5: IAKERB context export/import
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
Statement: This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4, 5, 6, and 7.
Package: krb5 (Red Hat Enterprise Linux 4) - Not affected
Package: krb5 (Red Hat Enterprise Linux 5) - Not affected
Package: krb5 (Red Hat Enterprise Linux 6) - Not affected
Package: k
Debian
CVE-2015-2698: krb5 - The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Ke...
vendor_debian·2015·CVSS 7.1
CVE-2015-2698 [HIGH] CVE-2015-2698: krb5 - The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Ke...
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
Scope: local
bookworm: resolved (fixed in 1.13.2+dfsg-4)
bullseye: resolved (fixed in 1.13.2+dfsg-4)
forky: resolved (fixed in 1.13.2+dfsg-4)
sid: resolved (fixed in 1.13.2+dfsg-4)
trixie: resolved (fixed in 1.13.2+dfsg-4)
GHSA
GHSA-v6gv-gg54-g3w6: The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb
ghsa_unreviewed·2022-05-13·CVSS 7.1
CVE-2015-2698 [HIGH] CWE-119 GHSA-v6gv-gg54-g3w6: The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
OSV
CVE-2015-2698: The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb
osv·2015-11-13·CVSS 7.1
CVE-2015-2698 [HIGH] CVE-2015-2698: The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb
The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.
OSV
krb5 vulnerabilities
osv·2015-11-12·CVSS 5.0
CVE-2002-2443 [MEDIUM] krb5 vulnerabilities
krb5 vulnerabilities
It was discovered that the Kerberos kpasswd service incorrectly handled
certain UDP packets. A remote attacker could possibly use this issue to
cause resource consumption, resulting in a denial of service. This issue
only affected Ubuntu 12.04 LTS. (CVE-2002-2443)
It was discovered that Kerberos incorrectly handled null bytes in certain
data fields. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2014-5355)
It was discovered that the Kerberos kdcpreauth modules incorrectly tracked
certain client requests. A remote attacker could possibly use this issue
to bypass intended preauthentication requirements. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-20
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-2698 krb5: IAKERB context export/import [fedora-all]
bugzilla·2015-11-06·CVSS 8.5
CVE-2015-2698 [HIGH] CVE-2015-2698 krb5: IAKERB context export/import [fedora-all]
CVE-2015-2698 krb5: IAKERB context export/import [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While on
Bugzilla
CVE-2015-2698 krb5: IAKERB context export/import
bugzilla·2015-11-06·CVSS 7.1
CVE-2015-2698 [HIGH] CVE-2015-2698 krb5: IAKERB context export/import
CVE-2015-2698 krb5: IAKERB context export/import
The kerberos project reports:
The patches for CVE-2015-2696 contained a regression in the newly
added IAKERB iakerb_gss_export_sec_context() function, which could
cause it to corrupt memory. Fix the regression by properly
dereferencing the context_handle pointer before casting it.
Also, the patches did not implement an IAKERB gss_import_sec_context()
function, under the erroneous belief that an exported IAKERB context
would be tagged as a krb5 context. Implement it now to allow IAKERB
contexts to be successfully exported and imported after establishment.
CVE-2015-2698:
In any MIT krb5 release with the patches for CVE-2015-2696 applied, an
application which calls gss_export_sec_context() may experience memory
corruption if the context wa
Bugzilla
CVE-2015-2696 krb5: IAKERB context aliasing flaw
bugzilla·2015-10-28·CVSS 7.1
CVE-2015-2696 [HIGH] CVE-2015-2696 krb5: IAKERB context aliasing flaw
CVE-2015-2696 krb5: IAKERB context aliasing flaw
The kerberos project reports:
The IAKERB mechanism currently replaces its context handle with the
krb5 mechanism handle upon establishment, under the assumption that
most GSS functions are only called after context establishment. This
assumption is incorrect, and can lead to aliasing violations for some
programs. Maintain the IAKERB context structure after context
establishment and add new IAKERB entry points to refer to it with that
type. Add initiate and established flags to the IAKERB context
structure for use in gss_inquire_context() prior to context
establishment.
CVE-2015-2696:
In MIT krb5 1.9 and later, applications which call
gss_inquire_context() on a partially-established IAKERB context can
cause the GSS-API library to read fro
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273
http://lists.opensuse.org/opensuse-updates/2015-11/msg00116.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00124.html
http://www.ubuntu.com/usn/USN-2810-1
https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd