Rapid7 Vulnerability & Exploit Database

RHSA-2015:0439: krb5 security, bug fix and enhancement update

Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 02/19/2015
Created: 07/25/2018
Added: 03/09/2015
Modified: 07/04/2017

Description

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)

A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345)

A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352)

If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353)

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)

It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)

An information disclosure flaw was found in the way the MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423)

Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342)

A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)

Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. The MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352.

The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including:

This update also fixes multiple bugs, for example:

In addition, this update adds various enhancements. Among others:

Solution(s)

  • redhat-upgrade-krb5-debuginfo
  • redhat-upgrade-krb5-devel
  • redhat-upgrade-krb5-libs
  • redhat-upgrade-krb5-pkinit
  • redhat-upgrade-krb5-server
  • redhat-upgrade-krb5-server-ldap
  • redhat-upgrade-krb5-workstation
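The check a practitioner wants from this entry is which of the listed krb5 packages on a host are still older than the errata build. The script below is an added example, not Rapid7's or Red Hat's code: it ports rpm's version-segment comparison (the rpmvercmp rules, including the "~" pre-release ordering) and applies it to a constructed list of installed name-version-release strings. The page does not state the fixed build, so ASSUMED_FIXED_EVR and the sample package versions are assumed placeholders; replace the constant with the version-release from the RHSA and feed the function real `rpm -q` output.

```python
"""Flag installed krb5 RPMs that are older than an advisory's fixed build.

Added example for this advisory entry; not Rapid7 or Red Hat code.
The fixed build is NOT given on the page: ASSUMED_FIXED_EVR is a placeholder.
"""
import re

# Package names taken from the advisory's Solution(s) list (redhat-upgrade-*).
AFFECTED = {
    "krb5-debuginfo", "krb5-devel", "krb5-libs", "krb5-pkinit",
    "krb5-server", "krb5-server-ldap", "krb5-workstation",
}

# (epoch, version, release) of the fixed build: assumed placeholder, not from the page.
ASSUMED_FIXED_EVR = ("0", "1.12.2", "14.el7")


def rpmvercmp(a, b):
    """Port of rpm's segment comparison: returns -1, 0 or 1.

    Segments are runs of digits or letters; separators are skipped, numeric
    segments compare numerically (1.10 > 1.9), a numeric segment sorts after
    an alpha one, and '~' sorts before anything, so 1.0~rc1 < 1.0.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":          # tilde: pre-release sorts lowest
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i += 1
            j += 1
            continue
        if not (ca and cb):                 # one side exhausted
            break
        if ca.isdigit():
            ma, mb, isnum = re.match(r"\d+", a[i:]), re.match(r"\d+", b[j:]), True
        else:
            ma, mb, isnum = re.match(r"[A-Za-z]+", a[i:]), re.match(r"[A-Za-z]+", b[j:]), False
        sa = ma.group(0)
        sb = mb.group(0) if mb else ""
        i += len(sa)
        j += len(sb)
        if not sb:                          # segment types differ: numeric wins
            return 1 if isnum else -1
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    a_left, b_left = i < len(a), j < len(b)
    if not a_left and not b_left:
        return 0
    return 1 if a_left else -1


def evr_cmp(x, y):
    """Compare (epoch, version, release) tuples in rpm order: epoch first."""
    for xs, ys in zip(x, y):
        r = rpmvercmp(xs, ys)
        if r:
            return r
    return 0


def parse_nvr(nvr):
    """Split 'name-version-release' (optionally 'epoch:version') into (name, evr)."""
    name, version, release = nvr.rsplit("-", 2)
    epoch, version = version.split(":", 1) if ":" in version else ("0", version)
    return name, (epoch, version, release)


def needs_upgrade(installed, fixed_evr=ASSUMED_FIXED_EVR):
    """Return names of advisory packages that are installed below the fixed build."""
    return [name for name, evr in map(parse_nvr, installed)
            if name in AFFECTED and evr_cmp(evr, fixed_evr) < 0]


# Constructed sample in the shape of `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`
# output; not captured from a real host.
SAMPLE_INSTALLED = [
    "krb5-libs-1.11.3-49.el7",        # older upstream version: needs upgrade
    "krb5-workstation-1.12.2-9.el7",  # same version, older release: needs upgrade
    "krb5-server-1.12.2-14.el7",      # exactly the assumed fixed build: ok
    "krb5-devel-1.12.2-15.el7_1",     # later errata build: ok
    "openssl-libs-1.0.1e-42.el7",     # not part of this advisory: ignored
]

if __name__ == "__main__":
    for name in needs_upgrade(SAMPLE_INSTALLED):
        print("needs upgrade:", name)
```

Epoch is compared before version because rpm does; an errata that bumps the epoch would otherwise be reported as older than the vulnerable build it replaces. Only the advisory's own package names are considered, so unrelated packages on the host never produce a false positive.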
