Bugzilla – Bug 954204
VUL-0: CVE-2015-2698 krb5: IAKERB context export/import
Last modified: 2016-04-27 19:06:43 UTC
https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd says: Fix IAKERB context export/import [CVE-2015-2698] The patches for CVE-2015-2696 contained a regression in the newly added IAKERB iakerb_gss_export_sec_context() function, which could cause it to corrupt memory. Fix the regression by properly dereferencing the context_handle pointer before casting it. Also, the patches did not implement an IAKERB gss_import_sec_context() function, under the erroneous belief that an exported IAKERB context would be tagged as a krb5 context. Implement it now to allow IAKERB contexts to be successfully exported and imported after establishment. CVE-2015-2698: In any MIT krb5 release with the patches for CVE-2015-2696 applied, an application which calls gss_export_sec_context() may experience memory corruption if the context was established using the IAKERB mechanism. Historically, some vulnerabilities of this nature can be translated into remote code execution, though the necessary exploits must be tailored to the individual application and are usually quite complicated. CVSSv2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C References: https://bugzilla.redhat.com/show_bug.cgi?id=1278951 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2698 http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2698.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698
bugbot adjusting priority
This is an autogenerated message for OBS integration: This bug (954204) was mentioned in https://build.opensuse.org/request/show/343481 13.1 / krb5 https://build.opensuse.org/request/show/343482 13.2 / krb5
The update has been released, thus closing the bug report.
openSUSE-SU-2015:2055-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 954204 CVE References: CVE-2015-2698 Sources used: openSUSE 13.2 (src): krb5-1.12.2-18.1, krb5-mini-1.12.2-18.1 openSUSE 13.1 (src): krb5-1.11.3-3.24.1, krb5-mini-1.11.3-3.24.1
SUSE-SU-2015:2302-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 954204 CVE References: CVE-2015-2698 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): krb5-1.12.1-22.5 SUSE Linux Enterprise Software Development Kit 12 (src): krb5-1.12.1-22.5 SUSE Linux Enterprise Server 12-SP1 (src): krb5-1.12.1-22.5 SUSE Linux Enterprise Server 12 (src): krb5-1.12.1-22.5 SUSE Linux Enterprise Desktop 12-SP1 (src): krb5-1.12.1-22.5 SUSE Linux Enterprise Desktop 12 (src): krb5-1.12.1-22.5
openSUSE-SU-2015:2376-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 954204 CVE References: CVE-2015-2698 Sources used: openSUSE Leap 42.1 (src): krb5-1.12.1-24.1, krb5-mini-1.12.1-24.1