Detections
Analytics

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Heimdal vulnerabilities (USN-5800-1)

critical Nessus Plugin ID 170001

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5800-1 advisory.

 - Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. (CVE-2021-44758)

 - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

 - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug.
 (CVE-2022-42898)

 - Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). (CVE-2022-44640)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-5800-1

Plugin Details

Severity: Critical

ID: 170001

File Name: ubuntu_USN-5800-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/12/2023

Updated: 7/10/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-44640

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:libheimbase1-heimdal, p-cpe:/a:canonical:ubuntu_linux:libheimntlm0-heimdal, p-cpe:/a:canonical:ubuntu_linux:libhx509-5-heimdal, p-cpe:/a:canonical:ubuntu_linux:libkadm5clnt7-heimdal, p-cpe:/a:canonical:ubuntu_linux:libkadm5srv8-heimdal, p-cpe:/a:canonical:ubuntu_linux:libkafs0-heimdal, p-cpe:/a:canonical:ubuntu_linux:libkdc2-heimdal, p-cpe:/a:canonical:ubuntu_linux:libkrb5-26-heimdal, p-cpe:/a:canonical:ubuntu_linux:libotp0-heimdal, p-cpe:/a:canonical:ubuntu_linux:libroken18-heimdal, p-cpe:/a:canonical:ubuntu_linux:libsl0-heimdal, p-cpe:/a:canonical:ubuntu_linux:libwind0-heimdal, cpe:/o:canonical:ubuntu_linux:16.04:-:esm, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:heimdal-clients, p-cpe:/a:canonical:ubuntu_linux:heimdal-clients-x, p-cpe:/a:canonical:ubuntu_linux:heimdal-dev, p-cpe:/a:canonical:ubuntu_linux:heimdal-kcm, p-cpe:/a:canonical:ubuntu_linux:heimdal-kdc, p-cpe:/a:canonical:ubuntu_linux:heimdal-multidev, p-cpe:/a:canonical:ubuntu_linux:heimdal-servers, p-cpe:/a:canonical:ubuntu_linux:heimdal-servers-x, p-cpe:/a:canonical:ubuntu_linux:libasn1-8-heimdal, p-cpe:/a:canonical:ubuntu_linux:libgssapi3-heimdal, p-cpe:/a:canonical:ubuntu_linux:libhcrypto4-heimdal, p-cpe:/a:canonical:ubuntu_linux:libhdb9-heimdal

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/12/2023

Vulnerability Publication Date: 10/25/2022

Reference Information

CVE: CVE-2021-44758, CVE-2022-3437, CVE-2022-42898, CVE-2022-44640

USN: 5800-1