vulnerability
SUSE: CVE-2017-15088: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 8, 2017 | Nov 8, 2017 | Jun 20, 2021 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 8, 2017
Added
Nov 8, 2017
Modified
Jun 20, 2021
Description
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.
Solutions
suse-upgrade-krb5suse-upgrade-krb5-32bitsuse-upgrade-krb5-clientsuse-upgrade-krb5-develsuse-upgrade-krb5-docsuse-upgrade-krb5-plugin-kdb-ldapsuse-upgrade-krb5-plugin-preauth-otpsuse-upgrade-krb5-plugin-preauth-pkinitsuse-upgrade-krb5-server
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.