CVE-2015-2695 (debian_linux, kerberos_5, leap, linux_enterprise_desktop, linux_enterprise_server, linux_enterprise_software_development_kit, opensuse, solaris, ubuntu_linux)

lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.

View Full Alert

Leave a Reply