CVE-2015-2698

13.11.2015, 03:59

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.5 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:S/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 75%

Affected Products (NVD)

Vendor	Product	Version
mit	kerberos_5	1.14:beta2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

krb5

bookworm	1.20.1-2+deb12u2 fixed
bookworm (security)	1.20.1-2+deb12u2 fixed
bullseye	1.18.3-6+deb11u5 fixed
bullseye (security)	1.18.3-6+deb11u5 fixed
jessie	not-affected
sid	1.21.3-3 fixed
squeeze	not-affected
trixie	1.21.3-3 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

krb5

precise	Fixed 1.10+dfsg~beta1-2ubuntu0.7 released
trusty	Fixed 1.12+dfsg-2ubuntu5.2 released
vivid	Fixed 1.12.1+dfsg-18ubuntu0.1 released
wily	Fixed 1.13.2+dfsg-2ubuntu0.1 released

openSUSE / SLES Releases

openSUSE Product

Release

krb5

suse enterprise desktop 15	1.15.2-4.25 fixed
suse enterprise desktop 15 SP1	1.16.3-1.16 fixed
suse enterprise desktop 15 SP2	1.16.3-3.6.1 fixed
suse enterprise desktop 15 SP3	1.16.3-3.15.1 fixed
suse enterprise desktop 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise desktop 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise desktop 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise desktop 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise sap 12	1.12.1-22.5 fixed
suse enterprise sap 12 SP1	1.12.1-22.5 fixed
suse enterprise sap 12 SP5	1.12.5-40.37.7 fixed
suse enterprise sap 15	1.15.2-4.25 fixed
suse enterprise sap 15 SP1	1.16.3-1.16 fixed
suse enterprise sap 15 SP2	1.16.3-3.6.1 fixed
suse enterprise sap 15 SP3	1.16.3-3.15.1 fixed
suse enterprise sap 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise sap 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise sap 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise sap 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise server 12	1.12.1-22.5 fixed
suse enterprise server 12 SP1	1.12.1-22.5 fixed
suse enterprise server 12 SP2	1.12.5-39.1 fixed
suse enterprise server 12 SP3	1.12.5-39.1 fixed
suse enterprise server 12 SP5	1.12.5-40.37.7 fixed
suse enterprise server 15	1.15.2-4.25 fixed
suse enterprise server 15 SP1	1.16.3-1.16 fixed
suse enterprise server 15 SP2	1.16.3-3.6.1 fixed
suse enterprise server 15 SP3	1.16.3-3.15.1 fixed
suse enterprise server 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise server 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise server 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise server 15 SP7	1.20.1-150600.11.8.1 fixed

krb5-32bit

suse enterprise desktop 15	1.15.2-4.25 fixed
suse enterprise desktop 15 SP1	1.16.3-1.16 fixed
suse enterprise desktop 15 SP2	1.16.3-3.6.1 fixed
suse enterprise desktop 15 SP3	1.16.3-3.15.1 fixed
suse enterprise desktop 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise desktop 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise desktop 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise desktop 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise sap 12	1.12.1-22.5 fixed
suse enterprise sap 12 SP1	1.12.1-22.5 fixed
suse enterprise sap 12 SP5	1.12.5-40.37.7 fixed
suse enterprise sap 15	1.15.2-4.25 fixed
suse enterprise sap 15 SP1	1.16.3-1.16 fixed
suse enterprise sap 15 SP2	1.16.3-3.6.1 fixed
suse enterprise sap 15 SP3	1.16.3-3.15.1 fixed
suse enterprise sap 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise sap 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise sap 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise sap 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise server 12	1.12.1-22.5 fixed
suse enterprise server 12 SP1	1.12.1-22.5 fixed
suse enterprise server 12 SP2	1.12.5-39.1 fixed
suse enterprise server 12 SP3	1.12.5-39.1 fixed
suse enterprise server 12 SP5	1.12.5-40.37.7 fixed
suse enterprise server 15	1.15.2-4.25 fixed
suse enterprise server 15 SP1	1.16.3-1.16 fixed
suse enterprise server 15 SP2	1.16.3-3.6.1 fixed
suse enterprise server 15 SP3	1.16.3-3.15.1 fixed
suse enterprise server 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise server 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise server 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise server 15 SP7	1.20.1-150600.11.8.1 fixed

krb5-client

suse enterprise desktop 15	1.15.2-4.25 fixed
suse enterprise desktop 15 SP1	1.16.3-1.16 fixed
suse enterprise desktop 15 SP2	1.16.3-3.6.1 fixed
suse enterprise desktop 15 SP3	1.16.3-3.15.1 fixed
suse enterprise desktop 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise desktop 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise desktop 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise desktop 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise sap 12	1.12.1-22.5 fixed
suse enterprise sap 12 SP1	1.12.1-22.5 fixed
suse enterprise sap 12 SP5	1.12.5-40.37.7 fixed
suse enterprise sap 15	1.15.2-4.25 fixed
suse enterprise sap 15 SP1	1.16.3-1.16 fixed
suse enterprise sap 15 SP2	1.16.3-3.6.1 fixed
suse enterprise sap 15 SP3	1.16.3-3.15.1 fixed
suse enterprise sap 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise sap 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise sap 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise sap 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise server 12	1.12.1-22.5 fixed
suse enterprise server 12 SP1	1.12.1-22.5 fixed
suse enterprise server 12 SP2	1.12.5-39.1 fixed
suse enterprise server 12 SP3	1.12.5-39.1 fixed
suse enterprise server 12 SP5	1.12.5-40.37.7 fixed
suse enterprise server 15	1.15.2-4.25 fixed
suse enterprise server 15 SP1	1.16.3-1.16 fixed
suse enterprise server 15 SP2	1.16.3-3.6.1 fixed
suse enterprise server 15 SP3	1.16.3-3.15.1 fixed
suse enterprise server 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise server 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise server 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise server 15 SP7	1.20.1-150600.11.8.1 fixed

krb5-devel

suse enterprise desktop 15	1.15.2-4.25 fixed
suse enterprise desktop 15 SP1	1.16.3-1.16 fixed
suse enterprise desktop 15 SP2	1.16.3-3.6.1 fixed
suse enterprise desktop 15 SP3	1.16.3-3.15.1 fixed
suse enterprise desktop 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise desktop 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise desktop 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise desktop 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise sap 15	1.15.2-4.25 fixed
suse enterprise sap 15 SP1	1.16.3-1.16 fixed
suse enterprise sap 15 SP2	1.16.3-3.6.1 fixed
suse enterprise sap 15 SP3	1.16.3-3.15.1 fixed
suse enterprise sap 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise sap 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise sap 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise sap 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise server 15	1.15.2-4.25 fixed
suse enterprise server 15 SP1	1.16.3-1.16 fixed
suse enterprise server 15 SP2	1.16.3-3.6.1 fixed
suse enterprise server 15 SP3	1.16.3-3.15.1 fixed
suse enterprise server 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise server 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise server 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise server 15 SP7	1.20.1-150600.11.8.1 fixed

krb5-doc

suse enterprise sap 12	1.12.1-22.5 fixed
suse enterprise sap 12 SP1	1.12.1-22.5 fixed
suse enterprise sap 12 SP5	1.12.5-40.37.7 fixed
suse enterprise server 12	1.12.1-22.5 fixed
suse enterprise server 12 SP1	1.12.1-22.5 fixed
suse enterprise server 12 SP2	1.12.5-39.1 fixed
suse enterprise server 12 SP3	1.12.5-39.1 fixed
suse enterprise server 12 SP5	1.12.5-40.37.7 fixed

krb5-plugin-kdb-ldap

suse enterprise sap 12	1.12.1-22.5 fixed
suse enterprise sap 12 SP1	1.12.1-22.5 fixed
suse enterprise sap 12 SP5	1.12.5-40.37.7 fixed
suse enterprise sap 15	1.15.2-4.25 fixed
suse enterprise sap 15 SP1	1.16.3-1.16 fixed
suse enterprise sap 15 SP2	1.16.3-3.6.1 fixed
suse enterprise sap 15 SP3	1.16.3-3.15.1 fixed
suse enterprise sap 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise sap 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise server 12	1.12.1-22.5 fixed
suse enterprise server 12 SP1	1.12.1-22.5 fixed
suse enterprise server 12 SP2	1.12.5-39.1 fixed
suse enterprise server 12 SP3	1.12.5-39.1 fixed
suse enterprise server 12 SP5	1.12.5-40.37.7 fixed
suse enterprise server 15	1.15.2-4.25 fixed
suse enterprise server 15 SP1	1.16.3-1.16 fixed
suse enterprise server 15 SP2	1.16.3-3.6.1 fixed
suse enterprise server 15 SP3	1.16.3-3.15.1 fixed
suse enterprise server 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise server 15 SP7	1.20.1-150600.11.8.1 fixed

krb5-plugin-preauth-otp

suse enterprise desktop 15	1.15.2-4.25 fixed
suse enterprise desktop 15 SP1	1.16.3-1.16 fixed
suse enterprise desktop 15 SP2	1.16.3-3.6.1 fixed
suse enterprise desktop 15 SP3	1.16.3-3.15.1 fixed
suse enterprise desktop 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise desktop 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise desktop 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise desktop 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise sap 12	1.12.1-22.5 fixed
suse enterprise sap 12 SP1	1.12.1-22.5 fixed
suse enterprise sap 12 SP5	1.12.5-40.37.7 fixed
suse enterprise sap 15	1.15.2-4.25 fixed
suse enterprise sap 15 SP1	1.16.3-1.16 fixed
suse enterprise sap 15 SP2	1.16.3-3.6.1 fixed
suse enterprise sap 15 SP3	1.16.3-3.15.1 fixed
suse enterprise sap 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise sap 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise sap 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise sap 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise server 12	1.12.1-22.5 fixed
suse enterprise server 12 SP1	1.12.1-22.5 fixed
suse enterprise server 12 SP2	1.12.5-39.1 fixed
suse enterprise server 12 SP3	1.12.5-39.1 fixed
suse enterprise server 12 SP5	1.12.5-40.37.7 fixed
suse enterprise server 15	1.15.2-4.25 fixed
suse enterprise server 15 SP1	1.16.3-1.16 fixed
suse enterprise server 15 SP2	1.16.3-3.6.1 fixed
suse enterprise server 15 SP3	1.16.3-3.15.1 fixed
suse enterprise server 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise server 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise server 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise server 15 SP7	1.20.1-150600.11.8.1 fixed

krb5-plugin-preauth-pkinit

suse enterprise desktop 15	1.15.2-4.25 fixed
suse enterprise desktop 15 SP1	1.16.3-1.16 fixed
suse enterprise desktop 15 SP2	1.16.3-3.6.1 fixed
suse enterprise desktop 15 SP3	1.16.3-3.15.1 fixed
suse enterprise desktop 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise desktop 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise desktop 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise desktop 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise sap 12	1.12.1-22.5 fixed
suse enterprise sap 12 SP1	1.12.1-22.5 fixed
suse enterprise sap 12 SP5	1.12.5-40.37.7 fixed
suse enterprise sap 15	1.15.2-4.25 fixed
suse enterprise sap 15 SP1	1.16.3-1.16 fixed
suse enterprise sap 15 SP2	1.16.3-3.6.1 fixed
suse enterprise sap 15 SP3	1.16.3-3.15.1 fixed
suse enterprise sap 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise sap 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise sap 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise sap 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise server 12	1.12.1-22.5 fixed
suse enterprise server 12 SP1	1.12.1-22.5 fixed
suse enterprise server 12 SP2	1.12.5-39.1 fixed
suse enterprise server 12 SP3	1.12.5-39.1 fixed
suse enterprise server 12 SP5	1.12.5-40.37.7 fixed
suse enterprise server 15	1.15.2-4.25 fixed
suse enterprise server 15 SP1	1.16.3-1.16 fixed
suse enterprise server 15 SP2	1.16.3-3.6.1 fixed
suse enterprise server 15 SP3	1.16.3-3.15.1 fixed
suse enterprise server 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise server 15 SP5	1.20.1-150500.1.2 fixed
suse enterprise server 15 SP6	1.20.1-150600.9.2 fixed
suse enterprise server 15 SP7	1.20.1-150600.11.8.1 fixed

krb5-server

suse enterprise sap 12	1.12.1-22.5 fixed
suse enterprise sap 12 SP1	1.12.1-22.5 fixed
suse enterprise sap 12 SP5	1.12.5-40.37.7 fixed
suse enterprise sap 15	1.15.2-4.25 fixed
suse enterprise sap 15 SP1	1.16.3-1.16 fixed
suse enterprise sap 15 SP2	1.16.3-3.6.1 fixed
suse enterprise sap 15 SP3	1.16.3-3.15.1 fixed
suse enterprise sap 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise sap 15 SP7	1.20.1-150600.11.8.1 fixed
suse enterprise server 12	1.12.1-22.5 fixed
suse enterprise server 12 SP1	1.12.1-22.5 fixed
suse enterprise server 12 SP2	1.12.5-39.1 fixed
suse enterprise server 12 SP3	1.12.5-39.1 fixed
suse enterprise server 12 SP5	1.12.5-40.37.7 fixed
suse enterprise server 15	1.15.2-4.25 fixed
suse enterprise server 15 SP1	1.16.3-1.16 fixed
suse enterprise server 15 SP2	1.16.3-3.6.1 fixed
suse enterprise server 15 SP3	1.16.3-3.15.1 fixed
suse enterprise server 15 SP4	1.19.2-150400.1.9 fixed
suse enterprise server 15 SP7	1.20.1-150600.11.8.1 fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273

http://lists.opensuse.org/opensuse-updates/2015-11/msg00116.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00124.html

http://www.ubuntu.com/usn/USN-2810-1

https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd

http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273

http://lists.opensuse.org/opensuse-updates/2015-11/msg00116.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00124.html

http://www.ubuntu.com/usn/USN-2810-1

https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd