Vulnerability Details: CVE-2017-15088
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2017-15088
- cpe:2.3:a:mit:kerberos_5:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-15088
- 2.06%: Probability of exploitation activity in the next 30 days
- ~88%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-15088
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-15088
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
- A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). Assigned by: secalert@redhat.com (Secondary)
References for CVE-2017-15088
- https://bugzilla.redhat.com/show_bug.cgi?id=1504045
  1504045 – (CVE-2017-15088) CVE-2017-15088 krb5: Buffer overflow in get_matching_data()
  [Issue Tracking; Patch; Third Party Advisory]
- https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
  Fix PKINIT cert matching data construction · krb5/krb5@fbb687d · GitHub
  [Issue Tracking; Patch; Third Party Advisory]
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698
  #871698 - krb5: CVE-2017-15088: Buffer overflow in get_matching_data() - Debian Bug report logs
  [Issue Tracking; Third Party Advisory]
- http://www.securityfocus.com/bid/101594
  MIT krb5 CVE-2017-15088 Remote Buffer Overflow Vulnerability
  [Third Party Advisory; VDB Entry]
- https://github.com/krb5/krb5/pull/707
  Fix PKINIT cert matching data construction by greghudson · Pull Request #707 · krb5/krb5 · GitHub
  [Patch; Third Party Advisory]