SUSE update for krb5

1) Access of Uninitialized Pointer

EUVDB-ID: #VU79586

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-36054

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to the  _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c does not validate the relationship between n_key_data and the key_data array count and frees an uninitialized pointer. A remote user can send a specially crafted request to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package krb5 to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP2

SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise Server 15: SP1 - SP2

SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1

SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2

SUSE Linux Enterprise High Performance Computing 15: SP1 - SP2

SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1

SUSE CaaS Platform: 4.0

krb5-32bit: before 1.16.3-150100.3.30.1

krb5-32bit-debuginfo: before 1.16.3-150100.3.30.1

krb5-server-debuginfo: before 1.16.3-150100.3.30.1

krb5-plugin-preauth-pkinit-debuginfo: before 1.16.3-150100.3.30.1

krb5-client-debuginfo: before 1.16.3-150100.3.30.1

krb5-server: before 1.16.3-150100.3.30.1

krb5-devel: before 1.16.3-150100.3.30.1

krb5-debuginfo: before 1.16.3-150100.3.30.1

krb5-plugin-kdb-ldap: before 1.16.3-150100.3.30.1

krb5-client: before 1.16.3-150100.3.30.1

krb5-debugsource: before 1.16.3-150100.3.30.1

krb5-plugin-preauth-otp: before 1.16.3-150100.3.30.1

krb5-plugin-kdb-ldap-debuginfo: before 1.16.3-150100.3.30.1

krb5-plugin-preauth-pkinit: before 1.16.3-150100.3.30.1

krb5-plugin-preauth-otp-debuginfo: before 1.16.3-150100.3.30.1

krb5: before 1.16.3-150100.3.30.1

CPE2.3

• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp2_ltss:15-SP2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp1_ltss:15-SP1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15_sp2_ltss:15-SP2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15_sp1_ltss:15-SP1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_caas_platform:4.0:*:*:*:*:*:*:*
• cpe:2.3:a:suse:krb5-32bit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-32bit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-server-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-plugin-preauth-pkinit-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-client-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-server:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-plugin-kdb-ldap:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-client:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-plugin-preauth-otp:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-plugin-kdb-ldap-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-plugin-preauth-pkinit:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5-plugin-preauth-otp-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:krb5:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20233434-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.