Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-2694

Опубликовано: 25 мая 2015
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5.8

Описание

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.

РелизСтатусПримечание
devel

not-affected

1.13.2+dfsg-3
esm-infra-legacy/trusty

released

1.12+dfsg-2ubuntu5.2
lucid

not-affected

1.8.1+dfsg-2ubuntu0.14
precise

not-affected

1.10+dfsg~beta1-2ubuntu0.6
trusty

released

1.12+dfsg-2ubuntu5.2
trusty/esm

released

1.12+dfsg-2ubuntu5.2
upstream

released

1.13.2,1.12.1+dfsg-20
utopic

ignored

end of life
vivid

released

1.12.1+dfsg-18ubuntu0.1
vivid/stable-phone-overlay

released

1.12.1+dfsg-18ubuntu0.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 55%
0.00327
Низкий

5.8 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2015-2694

redhat
больше 10 лет назад

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.

nvd логотип

CVE-2015-2694

nvd
больше 10 лет назад

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.

debian логотип

CVE-2015-2694

debian
больше 10 лет назад

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x ...

github логотип

GHSA-6h2g-5cjr-jj97

github
больше 3 лет назад

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.

oracle-oval логотип

ELSA-2015-2154

oracle-oval
почти 10 лет назад

ELSA-2015-2154: krb5 security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 55%
0.00327
Низкий

5.8 Medium

CVSS2