Wind River Support Network

HomeDefectsLIN7-5608

Fixed

LIN7-5608 : Security Advisory - krb5 - CVE-2015-8629

Created: Feb 13, 2016 Updated: Sep 8, 2018

Resolved Date: Mar 8, 2016

Found In Version: 7.0.0.12

Fix Version: 7.0.0.14

Severity: Standard

Applicable for: Wind River Linux 7

Component/s: Userspace

Description

The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8629

Other Downloads

Wind River Linux 7.0.0.14
Wind River Linux 7.0.0.15
Wind River Linux 7.0.0.16
Wind River Linux 7.0.0.17
Wind River Linux 7.0.0.18
Wind River Linux 7.0.0.19
Wind River Linux 7.0.0.20
Wind River Linux 7.0.0.21
Wind River Linux 7.0.0.22
Wind River Linux 7.0.0.23
Wind River Linux 7.0.0.24
Wind River Linux 7.0.0.25
Wind River Linux 7.0.0.26
Wind River Linux 7.0.0.27
Wind River Linux 7.0.0.28
Wind River Linux 7.0.0.29
Wind River Linux 7.0.0.30
Wind River Linux 7.0.0.31

CVEs

CVE-2015-8629