Gentoo update for MIT krb5



Risk Medium
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2021-36222
CVE-2021-37750
CVE-2022-42898
CVE-2023-36054
CVE-2023-39975
CWE-ID CWE-476
CWE-190
CWE-824
CWE-415
Exploitation vector Network
Public exploit N/A
Vulnerable software
Gentoo Linux
Operating systems & Components / Operating system

app-crypt/mit-krb5
Operating systems & Components / Operating system package or component

Vendor Gentoo

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU55287

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-36222

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5). A remote attacker can send a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-crypt/mit-krb5 to version: 1.21.2

Vulnerable software versions

Gentoo Linux: All versions

app-crypt/mit-krb5: before 1.21.2

CPE2.3 External links

http://security.gentoo.org/glsa/202405-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU56828

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-37750

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Key Distribution Center (KDC) in kdc/do_tgs_req.c. A remote user can pass specially crafted data via the FAST inner body that lacks a server field, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-crypt/mit-krb5 to version: 1.21.2

Vulnerable software versions

Gentoo Linux: All versions

app-crypt/mit-krb5: before 1.21.2

CPE2.3 External links

http://security.gentoo.org/glsa/202405-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU69337

Risk: Medium

CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-42898

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
app-crypt/mit-krb5 to version: 1.21.2

Vulnerable software versions

Gentoo Linux: All versions

app-crypt/mit-krb5: before 1.21.2

CPE2.3 External links

http://security.gentoo.org/glsa/202405-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Access of Uninitialized Pointer

EUVDB-ID: #VU79586

Risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-36054

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to the  _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c does not validate the relationship between n_key_data and the key_data array count and frees an uninitialized pointer. A remote user can send a specially crafted request to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-crypt/mit-krb5 to version: 1.21.2

Vulnerable software versions

Gentoo Linux: All versions

app-crypt/mit-krb5: before 1.21.2

CPE2.3 External links

http://security.gentoo.org/glsa/202405-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Double Free

EUVDB-ID: #VU79344

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-39975

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the free_req_info(). A remote attacker send a specially crafted request to trigger a double free error and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
app-crypt/mit-krb5 to version: 1.21.2

Vulnerable software versions

Gentoo Linux: All versions

app-crypt/mit-krb5: before 1.21.2

CPE2.3 External links

http://security.gentoo.org/glsa/202405-11


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###