Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2015-8631

Disclosure Date: February 13, 2016 •

CVE-2015-8631 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

3.6

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

High

Vendors

debian,
mit,
opensuse,
oracle,
redhat

Products

debian linux 7.0,
debian linux 8.0,
enterprise linux desktop 6.0,
enterprise linux desktop 7.0,
enterprise linux eus 6.7,
enterprise linux eus 7.2,
enterprise linux eus 7.3,
enterprise linux eus 7.4,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 6.0,
enterprise linux server 7.0,
enterprise linux server aus 7.2,
enterprise linux server aus 7.3,
enterprise linux server aus 7.4,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server tus 7.2,
enterprise linux server tus 7.3,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 6.0,
enterprise linux workstation 7.0,
kerberos 5,
leap 42.1,
linux 6,
linux 7,
opensuse 13.2

References

Canonical

CVE-2015-8631 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631)

Advisory

DSA-3466 (http://www.debian.org/security/2016/dsa-3466)

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00059.html

SECTRACK-1034916 (http://www.securitytracker.com/id/1034916)

http://rhn.redhat.com/errata/RHSA-2016-0493.html

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8343

https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2

http://rhn.redhat.com/errata/RHSA-2016-0532.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00110.html

Rapid7

Unknown

CVE-2015-8631

Unknown

Unknown

None

Low

Network

CVE-2015-8631

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2015-8631

Unknown

Unknown

None

Low

Network

CVE-2015-8631

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification