#VU32374 Permissions, Privileges, and Access Controls in Kerberos 5 - CVE-2015-2694

Cybersecurity Help s.r.o.

Published: 2015-05-25 | Updated: 2020-07-28

Vulnerability identifier: #VU32374

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-2694

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Kerberos 5
Client/Desktop applications / Software for system administration

Vendor: MIT

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Kerberos 5: 1.0 - 1.18.2

External links
https://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://www.securityfocus.com/bid/74824
https://www.ubuntu.com/usn/USN-2810-1
https://github.com/krb5/krb5/commit/e3b5a5e5267818c97750b266df50b6a3d4649604

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for krb5

Permissions, Privileges, and Access Controls in krb5 (Alpine package)

Permissions, Privileges, and Access Controls in web.mit.edu krb5

Fedora 21 update for krb5

Fedora 22 update for krb5