| Summary: | [Tracker] Heap corruption in mit-krb5 on 32 bit systems | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 879875, 880437, 881429 | ||
| Bug Blocks: | |||
|
Description
John Helmert III
2022-11-15 16:18:54 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 MITKRB5-SA-2022-001 MIT krb5 Security Advisory 2022-001 Original release: 2022-11-15 Last update: 2022-11-15 Topic: Vulnerabilities in PAC parsing CVE-2022-42898: integer overflow vulnerabilities in PAC parsing SUMMARY ======= Three integer overflow vulnerabilities have been discovered in the MIT krb5 library function krb5_parse_pac(). IMPACT ====== An authenticated attacker may be able to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash. On a 32-bit platform, an authenticated attacker may be able to cause heap corruption in a KDC or kadmind process, possibly leading to remote code execution. A privileged attacker may similarly be able to cause heap corruption in a Kerberos or GSS application service running on a 32-bit platform. An attacker with the privileges of a cross-realm KDC may be able to extract secrets from a KDC process's memory by having them copied into the PAC of a new ticket. AFFECTED SOFTWARE ================= Kerberos and GSS application services using krb5-1.8 or later are affected. kadmind in krb5-1.8 or later is affected. The krb5-1.20 KDC is affected. The krb5-1.8 through krb5-1.19 KDC is affected when using the Samba or FreeIPA KDB modules. FIXES ===== * Upcoming releases in the krb5-1.19 and krb5-1.20 series will contain fixes for these vulnerabilities. * The patch for krb5-1.20.x is available at https://web.mit.edu/kerberos/advisories/2022-001-patch-r120.txt A PGP-signed patch is available at https://web.mit.edu/kerberos/advisories/2022-001-patch-r120.txt.asc * The patch for krb5-1.19.x is available at https://web.mit.edu/kerberos/advisories/2022-001-patch-r119.txt A PGP-signed patch is available at https://web.mit.edu/kerberos/advisories/2022-001-patch-r119.txt.asc The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f434fdc40d45538a47707b84a112ed0a5eef621 commit 9f434fdc40d45538a47707b84a112ed0a5eef621 Author: Eray Aslan <eras@gentoo.org> AuthorDate: 2022-11-15 21:27:39 +0000 Commit: Eray Aslan <eras@gentoo.org> CommitDate: 2022-11-15 21:27:39 +0000 app-crypt/mit-krb5: add 1.20.1 Bug: https://bugs.gentoo.org/881397 Signed-off-by: Eray Aslan <eras@gentoo.org> app-crypt/mit-krb5/Manifest | 1 + app-crypt/mit-krb5/mit-krb5-1.20.1.ebuild | 148 ++++++++++++++++++++++++++++++ 2 files changed, 149 insertions(+) |