CVE-2015-8630
Published: 2016-02-13
Priority: P3 · 36 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 4.29% (89.9th percentile)
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | krb5 | < krb5 1.13.2+dfsg-5 (bookworm) | krb5 1.13.2+dfsg-5 (bookworm) |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | kerberos_5 | — | — |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5 | 1.13.2+dfsg-5 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5 | 1.13.2+dfsg-5 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5 | 1.13.2+dfsg-5 |
| mit | krb5 | >= 0 < 1.13.2+dfsg-5 | 1.13.2+dfsg-5 |
CVSS provenance
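| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |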
GHSA
GHSA-ccgj-jmwf-5p3g: The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal
ghsa_unreviewed·2022-05-13
OSV
CVE-2015-8630: The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal
osv·2016-02-13·CVSS 7.5
Red Hat
krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
vendor_redhat·2016-01-08·CVSS 7.5
CVE-2015-8630 [HIGH] CWE-476 krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() functions did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a
Debian
CVE-2015-8630: krb5 - The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib...
vendor_debian·2015·CVSS 7.5
Scope: local
bookworm: resolved (fixed in 1.13.2+dfsg-5)
bullseye: resolved (fixed in 1.13.2+dfsg-5)
forky: resolved (fixed in 1.13.2+dfsg-5)
sid: resolved (fixed in 1.13.2+dfsg-5)
trixie: resolved (fixed in 1.13.2+dfsg-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-8630 krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask
bugzilla·2016-01-28·CVSS 7.5
It was reported that in MIT krb5 1.12 and later, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying a null policy value but including KADM5_POLICY in the mask.
Upstream patch:
https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b
Discussion:
Created krb5 tracking bugs for this issue:
Affects: fedora-all [bug 1302633]
---
Upstream bug report:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8342
Fixed upstream in krb5 1.14.1:
http://web.mit.edu/kerberos/krb5-1.14/krb5-1.14.1.html
The upstream bug report also indicates the issue will be fixed in 1.13.4.
---
This issue has been addressed
Bugzilla
CVE-2015-8630 krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask [fedora-all]
bugzilla·2016-01-28·CVSS 7.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mult
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8342
http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html
http://rhn.redhat.com/errata/RHSA-2016-0532.html
http://www.debian.org/security/2016/dsa-3466
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securitytracker.com/id/1034915
https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b