Sign-up

ID

VAR-201708-0200


CVE

CVE-2015-3206


TITLE

python-kerberos Vulnerabilities in authentication

Trust: 0.8

sources: JVNDB: JVNDB-2015-007840

DESCRIPTION

The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. python-kerberos Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. python-kerberos is prone to an information disclosure vulnerability. Attackers can exploit this issue to disclose potentially sensitive information through man-in-the-middle attacks. This may aid in further attacks. python-kerberos is a plug-in for authenticating the Kerberos network protocol (computer network authorization protocol) in the open source cloud technology OpenStack client. There is a security vulnerability in the 'checkPassword' function in python-kerberos

Trust: 1.98

sources: NVD: CVE-2015-3206 // JVNDB: JVNDB-2015-007840 // BID: 74760 // VULHUB: VHN-81167

AFFECTED PRODUCTS

vendor:applemodel:pykerberosscope:eqversion: -

Trust: 1.6

vendor:pythonmodel:python-kerberosscope: - version: -

Trust: 0.8

vendor:pythonmodel:pykerberosscope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2015-007840 // CNNVD: CNNVD-201505-469 // NVD: CVE-2015-3206

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3206
value: HIGH

Trust: 1.0

NVD: CVE-2015-3206
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201505-469
value: MEDIUM

Trust: 0.6

VULHUB: VHN-81167
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3206
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-81167
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-3206
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-81167 // JVNDB: JVNDB-2015-007840 // CNNVD: CNNVD-201505-469 // NVD: CVE-2015-3206

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-81167 // JVNDB: JVNDB-2015-007840 // NVD: CVE-2015-3206

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-469

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201505-469

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-007840

PATCH
title:kerberos 1.2.5url:https://pypi.python.org/pypi/kerberos
Trust: 0.8
title:Bug 1223802url:https://bugzilla.redhat.com/show_bug.cgi?id=1223802
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-007840

EXTERNAL IDS
db:NVDid:CVE-2015-3206
Trust: 2.8
db:BIDid:74760
Trust: 2.0
db:OPENWALLid:OSS-SECURITY/2015/05/21/3
Trust: 1.7
db:JVNDBid:JVNDB-2015-007840
Trust: 0.8
db:CNNVDid:CNNVD-201505-469
Trust: 0.7
db:NSFOCUSid:30018
Trust: 0.6
db:VULHUBid:VHN-81167
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81167 // 
            
            
            
            BID: 74760 // 
            
            
            
            JVNDB: JVNDB-2015-007840 // 
            
            
            
            CNNVD: CNNVD-201505-469 // 
            
            
            
            NVD: CVE-2015-3206

REFERENCES
url:https://github.com/apple/ccs-pykerberos/issues/31
Trust: 2.5
url:http://www.securityfocus.com/bid/74760
Trust: 1.7
url:http://www.openwall.com/lists/oss-security/2015/05/21/3
Trust: 1.7
url:https://bugzilla.redhat.com/show_bug.cgi?id=1223802
Trust: 1.7
url:https://pypi.python.org/pypi/kerberos
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3206
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-3206
Trust: 0.8
url:http://www.nsfocus.net/vulndb/30018
Trust: 0.6
url:https://www.calendarserver.org/ticket/833
Trust: 0.3
url:https://pypi.python.org/pypi/pykerberos
Trust: 0.3
sources:
            
            
            VULHUB: VHN-81167 // 
            
            
            
            BID: 74760 // 
            
            
            
            JVNDB: JVNDB-2015-007840 // 
            
            
            
            CNNVD: CNNVD-201505-469 // 
            
            
            
            NVD: CVE-2015-3206

CREDITS
Martin Prpic
Trust: 0.9
sources:
            
            
            BID: 74760 // 
            
            
            
            CNNVD: CNNVD-201505-469

SOURCES
db:VULHUBid:VHN-81167
db:BIDid:74760
db:JVNDBid:JVNDB-2015-007840
db:CNNVDid:CNNVD-201505-469
db:NVDid:CVE-2015-3206

LAST UPDATE DATE
2025-04-20T23:04:40.670000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81167date:2018-12-20T00:00:00
db:BIDid:74760date:2015-05-21T00:00:00
db:JVNDBid:JVNDB-2015-007840date:2017-09-28T00:00:00
db:CNNVDid:CNNVD-201505-469date:2017-08-28T00:00:00
db:NVDid:CVE-2015-3206date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-81167date:2017-08-25T00:00:00
db:BIDid:74760date:2015-05-21T00:00:00
db:JVNDBid:JVNDB-2015-007840date:2017-09-28T00:00:00
db:CNNVDid:CNNVD-201505-469date:2015-05-22T00:00:00
db:NVDid:CVE-2015-3206date:2017-08-25T18:29:00.637