ESB-2018.0322 - [Debian] krb5: Multiple vulnerabilities 2018-02-01


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0322
               Debian LTS: DLA-1265-1: krb5 security update
                              1 February 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           krb5
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Denial of Service   -- Remote/Unauthenticated
                   Unauthorised Access -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-3120 CVE-2016-3119 CVE-2014-5355
                   CVE-2014-5353 CVE-2014-5351 CVE-2013-1418

Reference:         ASB-2017.0219
                   ESB-2014.1836
                   ESB-2014.1604

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : krb5
Version        : 1.10.1+dfsg-5+deb7u9
CVE ID         : CVE-2013-1418 CVE-2014-5351 CVE-2014-5353
                 CVE-2014-5355 CVE-2016-3119 CVE-2016-3120
Debian Bug     : 728845 762479 773226 778647 819468 832572

Kerberos, a system for authenticating users and services on a network,
was affected by several vulnerabilities. The Common Vulnerabilities
and Exposures project identifies the following issues.

CVE-2013-1418
    Kerberos allows remote attackers to cause a denial of service
    (NULL pointer dereference and daemon crash) via a crafted request
    when multiple realms are configured.

CVE-2014-5351
    Kerberos sends old keys in a response to a -randkey -keepold
    request, which allows remote authenticated users to forge tickets by
    leveraging administrative access.

CVE-2014-5353
    When the KDC uses LDAP, Kerberos allows remote authenticated users
    to cause a denial of service (daemon crash) via a successful LDAP
    query with no results, as demonstrated by using an incorrect object
    type for a password policy.

CVE-2014-5355
    Kerberos expects that a krb5_read_message data field is represented
    as a string ending with a '\0' character, which allows remote
    attackers to (1) cause a denial of service (NULL pointer
    dereference) via a zero-byte version string or (2) cause a denial of
    service (out-of-bounds read) by omitting the '\0' character.

CVE-2016-3119
    Kerberos allows remote authenticated users to cause a denial of
    service (NULL pointer dereference and daemon crash) via a crafted
    request to modify a principal.

CVE-2016-3120
    Kerberos allows remote authenticated users to cause a denial of
    service (NULL pointer dereference and daemon crash) via an S4U2Self
    request.

For Debian 7 "Wheezy", these problems have been fixed in version
1.10.1+dfsg-5+deb7u9.

We recommend that you upgrade your krb5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
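The advisory above says the six issues are fixed in krb5 1.10.1+dfsg-5+deb7u9 and recommends upgrading; the practical follow-up is confirming that every krb5 binary package on a Wheezy host is at or above that version. The script below is an added example, not code from the Debian advisory or from AusCERT. It ports dpkg's version ordering (Debian Policy 5.6.12: epoch, then upstream version, then Debian revision, with alternating character and numeric runs and '~' sorting before anything else) to pure Python so the comparison runs without dpkg, and it checks a constructed sample inventory rather than output captured from a real host; on a live system the inventory would come from a command such as `dpkg-query -W -f='${Package} ${Version}\n' 'krb5-*' 'libkrb5*' 'libgssapi-krb5-2'`. The package names in the sample and the `vulnerable_packages` helper are the example's own assumptions.

```python
# Added example, not code from the Debian advisory or AusCERT's bulletin.
# Reimplements dpkg's version ordering (Debian Policy 5.6.12) so that
# installed krb5 package versions can be compared against the fixed version
# named in DLA-1265-1 without dpkg being present.  SAMPLE_INVENTORY below is
# constructed data, not output captured from a real host.

FIXED_VERSION = "1.10.1+dfsg-5+deb7u9"  # fixed version from DLA-1265-1


def _order(c):
    """Sort weight of one non-digit character, as in dpkg's order():
    '~' sorts before everything (even the end of the string), then letters,
    then all other characters."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare an upstream-version or debian-revision string the way dpkg
    does: alternate non-digit runs (character order) and digit runs
    (numeric, leading zeros ignored).  Negative, zero or positive result."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: the first differing character decides.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: strip leading zeros, then the longer run wins, else the
        # first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def split_version(version):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision);
    a missing epoch is 0 and a missing revision is '' (equivalent to '0')."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    upstream, sep, revision = version.rpartition("-")
    if not sep:  # no hyphen: the whole string is the upstream version
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to, or
    newer than version b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    diff = (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (diff > 0) - (diff < 0)


def vulnerable_packages(inventory, fixed=FIXED_VERSION):
    """Parse 'package version' lines and return the (package, version) pairs
    whose version is still older than the fixed one."""
    still_vulnerable = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # blank or malformed line
        package, version = parts
        if compare_versions(version, fixed) < 0:
            still_vulnerable.append((package, version))
    return still_vulnerable


# Constructed sample inventory (hypothetical host, not real dpkg output).
SAMPLE_INVENTORY = """
krb5-kdc            1.10.1+dfsg-5+deb7u8
krb5-admin-server   1.10.1+dfsg-5
libkrb5-3           1.10.1+dfsg-5+deb7u9
libgssapi-krb5-2    1.10.1+dfsg-5+deb7u10
"""

if __name__ == "__main__":
    for package, version in vulnerable_packages(SAMPLE_INVENTORY):
        print("%s %s is older than %s: not yet patched" % (package, version, FIXED_VERSION))
```

Note that a bare `1.10.1+dfsg-5` revision sorts below `5+deb7u9` because the shorter revision ends where the longer one still has characters, and a `~` pre-release suffix sorts below the plain version; a naive string comparison gets both of these cases, and `deb7u10` versus `deb7u9`, wrong.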

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWnKfO4x+lLeg9Ub1AQgy7A//UorX10nEBdFMo5FhDVXeHcX3arBJbMY0
Yb8XMdV1ttayVaKjap9ocE7rZXzUXJC7PT/nuENFwhACRGmrtQAMRVsnXUsLDKq4
MffoWcBdK/45PxmDXmscPsdUcJdOOihxabpxF9xH2CuxcOxPcuD6CPRRQ2F+mw4u
qL/BsfIKAkVnWqlG6T+pG2mZwMbgTs7ubRxWaXOrGU3Hd9q7Ghi6fkga4Szn3yID
1mVUCtFQBrE+edZ+WwSbt4GYd4bUL9i5ZjptMff/47xNgcqcJ3PLphXEXMyDZvaP
C3YDSACsUKvHRdQlPKwgYXCTrG1pdFnh207BsJN9xi/GvkyCbS7Acdkvhdt2vnYf
YM9uI74oGyUQftEdDBn9YB5n0AS/1wbhONjQDaYGpxAUZJz95GSy9XQuCoYG3Vhx
SWcBXFOO32DwwJZB7Vr/1QBsyWu0l1IZORk1b0RI75oStrSqm0ZtxVqHNIcj2YET
iGTSrPA7n3IUODBHT3csY/fyU0VpT/I0r7unu/RaNX2VF/dM3jqhEOPlW4Y4020H
KUrGBzl3luLiKCfTO+p6exxpCTFIoWmvpZ1h++K7+VntR+LtXHaJhfMWbn6ucUPB
m7dEW/30gqUoyws/CYVlO6S8VVRRq7RL1RMvA+PjD0S1TtOcrBM2MfNfNtvA0+nF
7RHIBn6Dt74=
=P+BJ
-----END PGP SIGNATURE-----
