Operating System:

[Debian]

Published:

23 November 2022

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2022.6110 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.6110
                          heimdal security update
                             23 November 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           heimdal
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-44640 CVE-2022-42898 CVE-2022-41916
                   CVE-2022-3437 CVE-2021-44758 CVE-2021-3671

Original Bulletin: 
   https://lists.debian.org/debian-security-announce/2022/msg00258.html

Comment: CVSS (Max):  7.5* CVE-2022-41916 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
         * Not all CVSS available when published

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-5287-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
November 22, 2022                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : heimdal
CVE ID         : CVE-2021-3671 CVE-2021-44758 CVE-2022-3437 CVE-2022-41916
                 CVE-2022-42898 CVE-2022-44640
Debian Bug     : 996586

Several vulnerabilities were discovered in Heimdal, an implementation of
Kerberos 5 that aims to be compatible with MIT Kerberos.

CVE-2021-3671

    Joseph Sutton discovered that the Heimdal KDC does not validate that
    the server name in the TGS-REQ is present before dereferencing,
    which may result in denial of service.

CVE-2021-44758

    It was discovered that Heimdal is prone to a NULL dereference in
    acceptors where an initial SPNEGO token that has no acceptable
    mechanisms, which may result in denial of service for a server
    application that uses SPNEGO.

CVE-2022-3437

    Several buffer overflow flaws and non-constant time leaks were
    discovered when using 1DES, 3DES or RC4 (arcfour).

CVE-2022-41916

    An out-of-bounds memory access was discovered when Heimdal
    normalizes Unicode, which may result in denial of service.

CVE-2022-42898

    It was discovered that integer overflows in PAC parsing may result
    in denial of service for Heimdal KDCs or possibly Heimdal servers.

CVE-2022-44640

    It was discovered that the Heimdal's ASN.1 compiler generates code
    that allows specially crafted DER encodings to invoke an invalid
    free on the decoded structure upon decode error, which may result in
    remote code execution in the Heimdal KDC.

For the stable distribution (bullseye), these problems have been fixed in
version 7.7.0+dfsg-2+deb11u2.

We recommend that you upgrade your heimdal packages.

For the detailed security status of heimdal please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/heimdal

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmN9JvNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Soow//ePJ2Ls8Zoz3IZebkzebVDGYdofReuaVNOxb4yWBVAMi5B2LDYAdsusPJ
mih1urmiVUEAoHlCXUUM57dx+Mm+HGOoNcI3ancDuFZIXv3PKGaJK9Tj1QRztZcg
dgpWLTxTZKd62xEFsNcuaU4JMQ0dI8WXZHNEM4P7sqwcfBJyaZycoa3lJr0CUZp9
k68IwLEkzX0wgbiYub3himSkCdzMWOAnBuIFGQa6kbnvuwyM04wLi4es8uKTyF5j
HFHrbf7eK2bxwizgimMCuM0DfTdaYUbgbLPSRh2P71grJty9EmO3GNaWDryYLXVf
oO1klPk5hwmCHZJC3xAX1XATn+bM1ESF2diK95SXE8BmrhFgb4tWQaHWidszVkYO
DOo6w+WCvdlHURTg8Az/f2KJWObp6W6+x27owxU38mddagYb0Vepu3dk90IoYzKP
4fy+wQ0eSBqlkBnvTlBjybwK6Jko3EibpusZoNaiJKRof5dTCLd+43GIaAPirU6u
yV8x0tZR9ED18altczvzTT0hYFaF2Z4/0vhn4KB2OCCax6ii61GJzIIbkeGm+Blk
ZghclzIzHfKBukBBaRSIB+OhO/1rvC7aKRHq24qx7eakUSL/jN7P/V2G56X+Ij4+
ssK/ffgb6NQw6nXu8364mt+qTqbDN0kQ/7nJbpk3tkpJXLEJf1o=
=ddFe
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/

iQIVAwUBY316VskNZI30y1K9AQjJaQ//VJYbhMemascUSSzbdMaDYg5eWNyiw46b
OOAd9V/jzvL4WPDEnkW+6ohDhgzusi18WwWG4feURTDcqQ2QrUMRgy0kKUr0saoB
GSF88Yr8i7wurzeuEBnVLxvY20TsGNLAEkvDC49n24kBYYIO7bCKMcZm+IW9m/rE
/VhA5UINWWjTxv3VCQF/x4qgfaBH+L/x1AROU8wqmlZKakp+luNOuG/xzegysIjQ
6VBfQsVibPG4/K3pdQ+g6/d0ViL+NTsJpe1FPG8XC7FsHo9b7LlWX7osJOY+oK3w
krHs7qsYaSmMLki6SNHs5XJW1pvGr8d2g25cmpWNPpbtRchRpnCeDtpXTWiRCrTP
43rkCKLrxdWGYqFstY2YTgivJvJfvau4EtHq75wSfc78xiIa8U5CAFZkS8ne+f2u
oV/IWwtPP6iQiFdmW4YoM4BRrKj6EbXxE5LZtl7QjGgXfz0U4sBDrmgyYwRgNaYQ
aAcMCOENvZr4FO+AIn4d8saUPZDSwtdQkhApWZb+JLnJ/wJkJlpvIVbzgw4nzeTj
ZAS7qw9W85Te8uXHR4yQqCT7t40sqAgRhwoFqrsqVxyRG5wNfTiZES1dwSIECP30
fPRfn/lYRPFeVbFA/u/68DI244fXNNxM02a63c8+0yMS0sL40UTlT+QH0bVGn7sL
aHq+r9hUcns=
=05ys
-----END PGP SIGNATURE-----