Multiple vulnerabilities in Heimdal



Risk High
Patch available YES
Number of vulnerabilities 7
CVE-ID CVE-2022-42898
CVE-2022-3437
CVE-2019-14870
CVE-2021-3671
CVE-2021-44758
CVE-2022-44640
CVE-2022-41916
CWE-ID CWE-190
CWE-122
CWE-358
CWE-476
CWE-119
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
heimdal
Server applications / Encryption software

Vendor Heimdal Software

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU69337

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-42898

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

heimdal: 0.5 - 7.7.0

CPE2.3 External links

http://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Heap-based buffer overflow

EUVDB-ID: #VU68701

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-3437

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.


Mitigation

Install update from vendor's website.

Vulnerable software versions

heimdal: 0.5 - 7.7.0

CPE2.3 External links

http://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improperly implemented security feature

EUVDB-ID: #VU23470

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-14870

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of the DelegationNotAllowed Kerberos feature restriction ("delegation_not_allowed" user attribute) that is not applied when processing protocol transmission requests (S4U2Self) in the AD DC KDC. A remote authenticated user can gain access to sensitive information and functionality within the AD domain.

Mitigation

Install update from vendor's website.

Vulnerable software versions

heimdal: 0.5 - 7.7.0

CPE2.3 External links

http://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU57324

Risk: Medium

CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3671

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the way samba kerberos server handles missing sname attribute in TGS-REQ (Ticket Granting Server - Request). A remote authenticated user can send a specially crafted request to the samba server and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

heimdal: 0.5 - 7.7.0

CPE2.3 External links

http://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU69365

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-44758

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in SPNEGO acceptors. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

heimdal: 0.5 - 7.7.0

CPE2.3 External links

http://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU69364

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-44640

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in ASN.1 codec in Heimdal. The ASN.1 compiler generates code that allows specially crafted DER encodings of CHOICEs to invoke the wrong free function on the decoded structure upon decode error. This is known to impact the Heimdal KDC, leading to an invalid free() of an address partly or wholly under the control of the attacker. A remote attacker can execute arbitrary code on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

heimdal: 7.0.1 - 7.7.0

CPE2.3 External links

http://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU69362

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41916

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in Heimdal's PKI certificate validation library. A remote attacker can pass a specially crafted certificate to the affected application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

The vulnerability affects KDC (via PKINIT), kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

heimdal: 0.5 - 7.7.0

CPE2.3 External links

http://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
http://github.com/heimdal/heimdal/releases/tag/heimdal-7.7.1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###