Executive Summary
Summary | |
---|---|
Title | krb5 security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2014:1245 | First vendor Publication | 2014-09-16 |
Vendor | RedHat | Last vendor Modification | 2014-09-16 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated krb5 packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop Workstation (v. 5 client) - i386, x86_64 3. Description: Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732) All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1026942 - CVE-2013-1418 krb5: multi-realm KDC null dereference leads to crash 1031499 - CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash) 1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext 1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2014-1245.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-476 | NULL Pointer Dereference |
33 % | CWE-125 | Out-of-bounds Read |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:25702 | |||
Oval ID: | oval:org.mitre.oval:def:25702 | ||
Title: | SUSE-SU-2013:1875-1 -- Security update for krb5 | ||
Description: | This update for krb5 fixes the following security issue: * If a KDC serves multiple realms, certain requests could cause setup_server_realm() to dereference a null pointer, crashing the KDC. (CVE-2013-1418) Security Issues: * CVE-2013-1418 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418 > | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1875-1 CVE-2013-1418 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26536 | |||
Oval ID: | oval:org.mitre.oval:def:26536 | ||
Title: | ELSA-2014-1245 -- krb5 security and bug fix update (Moderate) | ||
Description: | Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732) All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2014-1245 CVE-2014-4344 CVE-2014-4341 CVE-2013-1418 CVE-2013-6800 | Version: | 3 |
Platform(s): | Oracle Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26722 | |||
Oval ID: | oval:org.mitre.oval:def:26722 | ||
Title: | AIX NAS null deref in SPNEGO acceptor | ||
Description: | The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-4344 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26777 | |||
Oval ID: | oval:org.mitre.oval:def:26777 | ||
Title: | RHSA-2014:1245: krb5 security and bug fix update (Moderate) | ||
Description: | Kerberos is an authentication system which allows clients and services to authenticate to each other with the help of a trusted third party, a Kerberos Key Distribution Center (KDC). It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A man-in-the-middle attacker with a valid Kerberos ticket who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application. (CVE-2014-4341) This update also fixes the following bugs: * Prior to this update, the libkrb5 library occasionally attempted to free already freed memory when encrypting credentials. As a consequence, the calling process terminated unexpectedly with a segmentation fault. With this update, libkrb5 frees memory correctly, which allows the credentials to be encrypted appropriately and thus prevents the mentioned crash. (BZ#1004632) * Previously, when the krb5 client library was waiting for a response from a server, the timeout variable in certain cases became a negative number. Consequently, the client could enter a loop while checking for responses. With this update, the client logic has been modified and the described error no longer occurs. (BZ#1089732) All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:1245-00 CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4344 CESA-2014:1245 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26809 | |||
Oval ID: | oval:org.mitre.oval:def:26809 | ||
Title: | SUSE-SU-2014:0989-1 -- Security update for krb5 | ||
Description: | The several security issues have been fixed in kerberos 5. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0989-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26912 | |||
Oval ID: | oval:org.mitre.oval:def:26912 | ||
Title: | AIX NAS denial of service vulnerability | ||
Description: | MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2014-4341 | Version: | 4 |
Platform(s): | IBM AIX 6.1 IBM AIX 7.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27019 | |||
Oval ID: | oval:org.mitre.oval:def:27019 | ||
Title: | DEPRECATED: SUSE-SU-2014:0989-1 -- Security update for krb5 | ||
Description: | The several security issues have been fixed in kerberos 5. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:0989-1 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 | Version: | 4 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | krb5 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-14 | IAVM : 2013-B-0130 - MIT Kerberos Denial of Service Vulnerabilities Severity : Category I - VMSKEY : V0042308 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-27 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 8888889 - Revision : 1 - Type : SERVER-OTHER |
2015-03-27 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 8888888 - Revision : 1 - Type : SERVER-OTHER |
2016-03-14 | MIT Kerberos 5 IAKERB outbound token detected RuleID : 36816 - Revision : 5 - Type : SERVER-OTHER |
2016-03-14 | MIT Kerberos 5 SPNEGO incoming token detected RuleID : 36815 - Revision : 5 - Type : SERVER-OTHER |
2016-03-14 | MIT Kerberos 5 SPNEGO acceptor acc_ctx_cont denial of service attempt RuleID : 36814 - Revision : 5 - Type : SERVER-OTHER |
2015-06-23 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 34972 - Revision : 2 - Type : SERVER-OTHER |
2015-06-23 | MIT Kerberos KDC as-req sname null pointer dereference attempt RuleID : 34971 - Revision : 2 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-02-01 | Name : The remote Debian host is missing a security update. File : debian_DLA-1265.nasl - Type : ACT_GATHER_INFO |
2018-01-11 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15552.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150305_krb5_on_SL7_x.nasl - Type : ACT_GATHER_INFO |
2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-37.nasl - Type : ACT_GATHER_INFO |
2015-03-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
2015-03-13 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
2015-03-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-0439.nasl - Type : ACT_GATHER_INFO |
2015-02-26 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_dbf9e66cbd5011e4a7ba206a8a720317.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_kerberos_20141216.nasl - Type : ACT_GATHER_INFO |
2015-01-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-53.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0034.nasl - Type : ACT_GATHER_INFO |
2014-11-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-443.nasl - Type : ACT_GATHER_INFO |
2014-11-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
2014-11-04 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20141014_krb5_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-10-17 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140916_krb5_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-10-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1389.nasl - Type : ACT_GATHER_INFO |
2014-10-01 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
2014-09-18 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
2014-09-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1245.nasl - Type : ACT_GATHER_INFO |
2014-09-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-165.nasl - Type : ACT_GATHER_INFO |
2014-09-04 | Name : The remote AIX host has a version of NAS installed that is affected by multip... File : aix_nas_advisory1.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2310-1.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_krb5-140729.nasl - Type : ACT_GATHER_INFO |
2014-08-12 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-486.nasl - Type : ACT_GATHER_INFO |
2014-08-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3000.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8189.nasl - Type : ACT_GATHER_INFO |
2014-08-08 | Name : The remote Fedora host is missing a security update. File : fedora_2014-8176.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-941.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-880.nasl - Type : ACT_GATHER_INFO |
2013-12-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-12.nasl - Type : ACT_GATHER_INFO |
2013-12-04 | Name : The remote Fedora host is missing a security update. File : fedora_2013-21786.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-275.nasl - Type : ACT_GATHER_INFO |
2013-11-18 | Name : A single sign-on service is affected by a denial of service vulnerability. File : mit_kerberos_cve-2013-1418.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
2013-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2013-20687.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-10-02 13:27:19 |
|
2014-09-19 13:27:41 |
|
2014-09-17 13:25:50 |
|
2014-09-16 09:23:11 |
|