SB2023051674 - Multiple vulnerabilities in Gss-ntlmssp

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2023-25567)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when decoding target information. A remote attacker can send specially crafted NTLM request to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

2) Memory leak (CVE-ID: CVE-2023-25566)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when parsing usernames. A remote attacker can force the application to leak memory and perform denial of service attack.

3) Release of invalid pointer or reference (CVE-ID: CVE-2023-25565)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when decoding target information. A remote attacker can send specially crafted NTLM request to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

4) Out-of-bounds write (CVE-ID: CVE-2023-25564)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary in the ntlm_str_convert() function error when decoding UTF16 strings. A remote attacker can send specially crafted NTLM request to the application, trigger an out-of-bounds write error and perform a denial of service (DoS) attack.

5) Out-of-bounds read (CVE-ID: CVE-2023-25563)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when decoding NTLM fields. A remote attacker can send specially crafted NTLM request to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch
• https://github.com/gssapi/gss-ntlmssp/releases/tag/v1.2.0
• https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4
• https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74
• https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4
• https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64
• https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg
• https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950
• https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq
• https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd
• https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf