Alpine: multiple heimdal packages: security update to 7.7.1-r0

critical Tenable Cloud Security Plugin ID 423997

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue,
where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be
opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by
forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute
delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD
DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the
not-delegated flag set. (CVE-2019-14870)

- A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ
(Ticket Granting Server - Request). An authenticated user could use this flaw to crash the samba server.
(CVE-2021-3671)

- Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a
preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. (CVE-2021-44758)

- A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and
unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI
library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a
maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the
application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-14870

https://security.alpinelinux.org/vuln/CVE-2021-3671

https://security.alpinelinux.org/vuln/CVE-2021-44758

https://security.alpinelinux.org/vuln/CVE-2022-3437

https://security.alpinelinux.org/vuln/CVE-2022-41916

https://security.alpinelinux.org/vuln/CVE-2022-42898

https://security.alpinelinux.org/vuln/CVE-2022-44640

https://security.alpinelinux.org/vuln/CVE-2022-45142

Plugin Details

Severity: Critical

ID: 423997

Version: Revision 1.8

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.05

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2019-14870

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2022-44640

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 12/10/2019

Reference Information

CVE: CVE-2019-14870, CVE-2021-3671, CVE-2021-44758, CVE-2022-3437, CVE-2022-41916, CVE-2022-42898, CVE-2022-44640, CVE-2022-45142