FreeBSD : krb5 -- Multiple vulnerabilities (3f3837cc-48fb-4414-aa46-5b1c23c9feae)

critical Nessus Plugin ID 103953

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

MIT reports :

CVE-2017-11368 :

In MIT krb5 1.7 and later, an authenticated attacker can cause an assertion failure in krb5kdc by sending an invalid S4U2Self or S4U2Proxy request.

CVE-2017-11462 :

RFC 2744 permits a GSS-API implementation to delete an existing security context on a second or subsequent call to gss_init_sec_context() or gss_accept_sec_context() if the call results in an error. This API behavior has been found to be dangerous, leading to the possibility of memory errors in some callers. For safety, GSS-API implementations should instead preserve existing security contexts on error until the caller deletes them.

All versions of MIT krb5 prior to this change may delete acceptor contexts on error. Versions 1.13.4 through 1.13.7, 1.14.1 through 1.14.5, and 1.15 through 1.15.1 may also delete initiator contexts on error.

Solution

Update the affected packages.

See Also

https://krbdev.mit.edu/rt/Ticket/Display.html?id=8599

http://www.nessus.org/u?329bbed6

https://krbdev.mit.edu/rt/Ticket/Display.html?id=8598

http://www.nessus.org/u?950727d9

http://www.nessus.org/u?7f2d2817

Plugin Details

Severity: Critical

ID: 103953

File Name: freebsd_pkg_3f3837cc48fb4414aa465b1c23c9feae.nasl

Version: 3.5

Type: local

Published: 10/19/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:krb5, p-cpe:/a:freebsd:freebsd:krb5-113, p-cpe:/a:freebsd:freebsd:krb5-114, p-cpe:/a:freebsd:freebsd:krb5-115, p-cpe:/a:freebsd:freebsd:krb5-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/18/2017

Vulnerability Publication Date: 7/14/2017

Reference Information

CVE: CVE-2017-11368, CVE-2017-11462