A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application.
NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.
| Base Score: | 4.3 | Base Metrics: | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector: | Network | Attack Complexity: | Medium |
| Authentication: | None required | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | Partial |

| Oracle Linux version 5 (krb5) | ELSA-2014-1245 | 2014-09-17 |
| Oracle Linux version 6 (krb5) | ELSA-2014-1389 | 2014-10-15 |
| Oracle Linux version 7 (krb5) | ELSA-2015-0439 | 2015-03-11 |
| Oracle VM version 3.3 (krb5) | OVMSA-2014-0034 | 2014-11-03 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.