Candidate: CVE-2015-8631
PublicDate: 2016-02-13 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631
Description:
 Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT
 Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote
 authenticated users to cause a denial of service (memory consumption) via a
 request specifying a NULL principal name.
Ubuntu-Description:
 It was discovered that Kerberos incorrectly handled principal names. A
 remote authenticated attacker could possibly use this issue to cause a
 denial of service.
Notes:
 ratliff> use of kadmind in core and touch is not supported
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126
Priority: medium
Discovered-by: Simo Sorce
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_krb5:
 upstream: https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2
Tags_krb5: universe-binary
upstream_krb5: released (1.14+dfsg-1)
precise_krb5: ignored (reached end-of-life)
precise/esm_krb5: ignored (end of ESM support, was needed)
trusty_krb5: released (1.12+dfsg-2ubuntu5.4)
trusty/esm_krb5: released (1.12+dfsg-2ubuntu5.4)
vivid_krb5: ignored (reached end-of-life)
vivid/stable-phone-overlay_krb5: ignored
vivid/ubuntu-core_krb5: ignored
wily_krb5: ignored (reached end-of-life)
xenial_krb5: not-affected (1.13.2+dfsg-5)
esm-infra/xenial_krb5: not-affected (1.13.2+dfsg-5)
yakkety_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
zesty_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
artful_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
bionic_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
cosmic_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
disco_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
eoan_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
focal_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
groovy_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
hirsute_krb5: not-affected (1.14.3+dfsg-2ubuntu1)
devel_krb5: not-affected (1.14.3+dfsg-2ubuntu1)