Description
In all versions of MIT krb5, an authenticated attacker can cause kadmind
to read beyond the end of allocated memory by sending a string without a
terminating zero byte. Information leakage may be possible for an
attacker with permission to modify the database (CVE-2015-8629).
In MIT krb5 1.12 and later, an authenticated attacker with permission to
modify a principal entry can cause kadmind to dereference a null pointer
by supplying a null policy value but including KADM5_POLICY in the mask
(CVE-2015-8630).
In all versions of MIT krb5, an authenticated attacker can cause kadmind
to leak memory by supplying a null principal name in a request which uses
one. Repeating these requests will eventually cause kadmind to exhaust
all available memory (CVE-2015-8631).