CVE-2015-8630

Published: 13 February 2016

The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.

From the Ubuntu security team

It was discovered that Kerberos incorrectly handled policy names. A remote authenticated attacker could possibly use this issue to cause a denial of service.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
krb5
Launchpad, Ubuntu, Debian
Upstream
Released (1.14+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.14.3+dfsg-2ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(1.13.2+dfsg-5)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (1.12+dfsg-2ubuntu5.4)
Patches:
Upstream: https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b
Binaries built from this source package are in Universe and so are supported by the community.

Notes

AuthorNote
mdeslaur
introduced in 1.12
ratliff
use of kadmind is not supported in touch and core

References

Bugs