Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2015-8630

Public on 2016-02-13
Modified on 2016-04-21
Description

A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash.

Severity
Low
See what this means
CVSS v3 Base Score
2.1
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 krb5 2016-04-21 16:00 ALAS-2016-691

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 2.1 AV:N/AC:H/Au:S/C:N/I:N/A:P
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv3 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H