Debian DSA-2518-1 : krb5 - denial of service and remote code execution

high Nessus Plugin ID 61374

Synopsis

The remote Debian host is missing a security-related update.

Description

Emmanuel Bouillon from NCI Agency discovered multiple vulnerabilities in MIT Kerberos, a daemon implementing the network authentication protocol.

- CVE-2012-1014 By sending specially crafted AS-REQ (Authentication Service Request) to a KDC (Key Distribution Center), an attacker could make it free an uninitialized pointer, corrupting the heap. This can lead to process crash or even arbitrary code execution.

This CVE only affects testing (wheezy) and unstable (sid) distributions.

- CVE-2012-1015 By sending specially crafted AS-REQ to a KDC, an attacker could make it dereference an uninitialized pointer, leading to process crash or even arbitrary code execution

In both cases, arbitrary code execution is believed to be difficult to achieve, but might not be impossible.

Solution

Upgrade the krb5 packages.

For the stable distribution (squeeze), this problem has been fixed in version 1.8.3+dfsg-4squeeze6.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429

https://security-tracker.debian.org/tracker/CVE-2012-1014

https://security-tracker.debian.org/tracker/CVE-2012-1015

https://packages.debian.org/source/squeeze/krb5

https://www.debian.org/security/2012/dsa-2518

Plugin Details

Severity: High

ID: 61374

File Name: debian_DSA-2518.nasl

Version: 1.13

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:krb5, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 7/31/2012

Reference Information

CVE: CVE-2012-1014, CVE-2012-1015

DSA: 2518