CVE-2015-2697

Published: 8 November 2015

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

Notes

Author: sbeattie
Note: kdc crash

Priority

Medium

Status

Package: krb5 (Launchpad, Ubuntu, Debian)

Release     Status
upstream    Released (1.13.2+dfsg-3)
precise     Released (1.10+dfsg~beta1-2ubuntu0.7)
trusty      Released (1.12+dfsg-2ubuntu5.2)
vivid       Released (1.12.1+dfsg-18ubuntu0.1)
wily        Released (1.13.2+dfsg-2ubuntu0.1)

Patches:
upstream: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
Binaries built from this source package are in Universe and so are supported by the community.