Wind River Support Network

HomeDefectsLIN7-5113

Fixed

LIN7-5113 : Security Advisory - krb5 - CVE-2015-2697

Created: Nov 13, 2015 Updated: Sep 8, 2018

Resolved Date: Dec 23, 2015

Found In Version: 7.0.0.10

Fix Version: 7.0.0.12

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2697

Other Downloads

Wind River Linux 7.0.0.14
Wind River Linux 7.0.0.15
Wind River Linux 7.0.0.16
Wind River Linux 7.0.0.17
Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2015-2697