Detections
Analytics

GLSA-202405-11 : MIT krb5: Multiple Vulnerabilities

high Nessus Plugin ID 194990

Language:

Description

The remote host is affected by the vulnerability described in GLSA-202405-11 (MIT krb5: Multiple Vulnerabilities)

 - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)

 - The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
 (CVE-2021-37750)

 - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has a similar bug.
 (CVE-2022-42898)

 - lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because
 _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. (CVE-2023-36054)

 - kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. (CVE-2023-39975)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

All MIT krb5 users should upgrade to the latest version:

 # emerge --sync # emerge --ask --oneshot --verbose >=app-crypt/mit-krb5-1.21.2

See Also

https://security.gentoo.org/glsa/202405-11

https://bugs.gentoo.org/show_bug.cgi?id=803434

https://bugs.gentoo.org/show_bug.cgi?id=809845

https://bugs.gentoo.org/show_bug.cgi?id=879875

https://bugs.gentoo.org/show_bug.cgi?id=917464

Plugin Details

Severity: High

ID: 194990

File Name: gentoo_GLSA-202405-11.nasl

Version: 1.0

Type: local

Published: 5/5/2024

Updated: 5/5/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-36222

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2023-39975

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:mit-krb5, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/5/2024

Vulnerability Publication Date: 7/22/2021

Reference Information

CVE: CVE-2021-36222, CVE-2021-37750, CVE-2022-42898, CVE-2023-36054, CVE-2023-39975