The remote host is affected by the vulnerability described in GLSA-202310-06 (Heimdal: Multiple Vulnerabilities)

  - All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue,     where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be     opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by     forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute     delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD     DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the     not-delegated flag set. (CVE-2019-14870)

  - Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a     preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. (CVE-2021-44758)

  - A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and     unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI     library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a     maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the     application, possibly resulting in a denial of service (DoS) attack. (CVE-2022-3437)

  - A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This     vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the     argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed     to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability.
    (CVE-2022-3671)

  - Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a     denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via     PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users     should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. (CVE-2022-41916)

  - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that     may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit     platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other     platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug.
    (CVE-2022-42898)

  - Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the     ASN.1 codec used by the Key Distribution Center (KDC). (CVE-2022-44640)

  - The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug     by adding != 0 comparisons to the result of memcmp. When these patches were backported to the     heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in     causing the validation of message integrity codes in gssapi/arcfour to be inverted. (CVE-2022-45142)

  -  Please review the referenced CVE identifiers for details.  (CVE-2022-44758)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

GLSA-202310-06 : Heimdal: Multiple Vulnerabilities

critical Nessus Plugin ID 182758

Version 1.2