SecurityTracker.com
Category:   Application (Security)  >   Kerberos
Vendors:   MIT
Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources
SecurityTracker Alert ID:  1034916
SecurityTracker URL:  http://securitytracker.com/id/1034916
CVE Reference:   CVE-2015-8631
Date:  Feb 2 2016
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Kerberos. A remote authenticated user can consume excessive memory on the target system.

A remote authenticated user can send specially crafted data that causes krb5_unparse_name() to fail, in which case the memory holding the client and server names is leaked. This can be exploited repeatedly to consume all available memory on the target system.
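The leak pattern described above, next to a form in which every exit path releases the names, as an added C example. It is not kadmind's code or the vendor's patch: `unparse_name`, `stub_leaky`, `stub_fixed`, the counting allocator, the principal strings and the empty-string failure condition are all hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static long live_allocs;   /* outstanding allocations (constructed counter) */

static char *xdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}
static void xfree(char *p) { if (p) { live_allocs--; free(p); } }

/* Hypothetical stand-in for a name-unparsing call that can fail. */
static int unparse_name(const char *princ, char **out) {
    if (princ == NULL || *princ == '\0') return -1;  /* constructed failure */
    *out = xdup(princ);
    return *out ? 0 : -1;
}

/* Leaky pattern: early return after the two names were allocated. */
static int stub_leaky(const char *princ) {
    char *client = xdup("admin/admin@EXAMPLE.COM");   /* constructed names */
    char *server = xdup("kadmin/admin@EXAMPLE.COM");
    char *pname = NULL;
    if (unparse_name(princ, &pname) != 0)
        return -1;                     /* client and server are never freed */
    xfree(pname); xfree(server); xfree(client);
    return 0;
}

/* Corrected pattern: success and failure share one cleanup path. */
static int stub_fixed(const char *princ) {
    int ret = -1;
    char *client = xdup("admin/admin@EXAMPLE.COM");
    char *server = xdup("kadmin/admin@EXAMPLE.COM");
    char *pname = NULL;
    if (unparse_name(princ, &pname) != 0)
        goto cleanup;
    ret = 0;
cleanup:
    xfree(pname); xfree(server); xfree(client);
    return ret;
}

/* Send n failing requests to a stub; return the allocations left behind. */
static long leaked_after(int (*stub)(const char *), int n) {
    long before = live_allocs;
    for (int i = 0; i < n; i++) stub("");
    return live_allocs - before;
}
```

Each failing request leaves two allocations behind in `stub_leaky` and none in `stub_fixed`, which is why repeated requests grow the leaky process's memory without bound.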

Simo Sorce reported this vulnerability.

Impact:   A remote authenticated user can cause kadmind to consume all available memory resources on the target system.
Solution:   The vendor has issued a source code fix, available at:

https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2

Vendor URL:  web.mit.edu/kerberos/
Cause:   Resource error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 23 2016 (Red Hat Issues Fix) Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Mar 24 2016 (Oracle Issues Fix for Oracle Linux) Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources
Oracle has issued a fix for Oracle Linux 6.
Mar 24 2016 (CentOS Issues Fix) Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources
CentOS has issued a fix for CentOS 6.
Apr 1 2016 (Red Hat Issues Fix) Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Apr 1 2016 (CentOS Issues Fix) Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources
CentOS has issued a fix for CentOS 7.
Apr 1 2016 (Oracle Issues Fix for Oracle Linux) Kerberos kadmind Server Stub Memory Leaks Let Remote Authenticated Users Consume Excessive Memory Resources
Oracle has issued a fix for Oracle Linux 7.


