The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MIT Kerberos 5

computer vulnerability bulletin CVE-2017-15088

MIT krb5: buffer overflow via PKINIT get_matching_data

Synthesis of the vulnerability

An attacker can generate a buffer overflow via PKINIT get_matching_data() of MIT krb5, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, MIT krb5, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 08/11/2017.
Identifiers: 871698, CVE-2017-15088, FEDORA-2017-41957e0f90, openSUSE-SU-2017:2993-1, SUSE-SU-2017:2948-1, VIGILANCE-VUL-24388.

Description of the vulnerability

An attacker can generate a buffer overflow via PKINIT get_matching_data() of MIT krb5, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-11462

MIT krb5: use after free via GSS-API

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via GSS-API of MIT krb5, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, MIT krb5, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 11/09/2017.
Identifiers: 873563, CVE-2017-11462, FEDORA-2017-10c74147f9, FEDORA-2017-56e23bc2b5, openSUSE-SU-2017:2712-1, VIGILANCE-VUL-23791.

Description of the vulnerability

An attacker can force the usage of a freed memory area via GSS-API of MIT krb5, in order to trigger a denial of service, and possibly to run code.

computer vulnerability CVE-2017-7562

MIT krb5: privilege escalation via EKU Cert Missing SAN

Synthesis of the vulnerability

An attacker can bypass restrictions via EKU Cert Missing SAN of MIT krb5, in order to escalate their privileges.
Impacted products: Fedora, MIT krb5, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Creation date: 29/08/2017.
Identifiers: CVE-2017-7562, FEDORA-2017-bf74db7147, RHSA-2018:0666-01, SUSE-SU-2018:1425-1, VIGILANCE-VUL-23635.

Description of the vulnerability

An attacker can bypass restrictions via EKU Cert Missing SAN of MIT krb5, in order to escalate their privileges.

computer vulnerability note CVE-2017-11368

MIT Kerberos: assertion error via krb5kdc S4U2Self/S4U2Proxy

Synthesis of the vulnerability

An attacker can force an assertion error via krb5kdc S4U2Self/S4U2Proxy of MIT Kerberos, in order to trigger a denial of service.
Impacted products: Debian, Fedora, MIT krb5, Solaris, RHEL.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 25/07/2017.
Identifiers: bulletinjul2018, CVE-2017-11368, DLA-1058-1, FEDORA-2017-71c47e1e82, FEDORA-2017-8e9d9771c4, FEDORA-2017-e5b36383f4, RHSA-2018:0666-01, VIGILANCE-VUL-23349.

Description of the vulnerability

An attacker can force an assertion error via krb5kdc S4U2Self/S4U2Proxy of MIT Kerberos, in order to trigger a denial of service.

computer vulnerability announce 20637

MIT krb5: security improvement via DES disabling

Synthesis of the vulnerability

The security of MIT krb5 was improved by disabling by default the DES encryption algorithm, which is now to be considered weak.
Impacted products: MIT krb5.
Severity: 1/4.
Consequences: no consequence.
Provenance: internet client.
Creation date: 19/09/2016.
Identifiers: VIGILANCE-VUL-20637.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of MIT krb5 was therefore improved by disabling by default the DES encryption algorithm, which is now to be considered weak.

vulnerability announce 19992

MIT krb5: buffer overflow via libkrad

Synthesis of the vulnerability

An attacker can generate a buffer overflow via libkrad of MIT krb5, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, MIT krb5.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Creation date: 28/06/2016.
Revision date: 26/07/2016.
Identifiers: FEDORA-2016-0b966047e1, FEDORA-2016-335ed87353, FEDORA-2016-d18f993ab6, VIGILANCE-VUL-19992.

Description of the vulnerability

The MIT krb5 product uses libkrad to interact with RADIUS.

However, if the received data is larger than the storage array, an overflow occurs in the on_io_read() function of the src/lib/krad/remote.c file.

An attacker can therefore generate a buffer overflow via libkrad of MIT krb5, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2016-3120

MIT krb5: denial of service via KDC TGT Only

Synthesis of the vulnerability

An attacker can send a malicious query to MIT krb5, in order to trigger a KDC denial of service.
Impacted products: Debian, Fedora, MIT krb5, openSUSE Leap, Solaris, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 22/07/2016.
Identifiers: bulletinapr2017, CVE-2016-3120, DLA-1265-1, FEDORA-2016-0674a3c372, FEDORA-2016-4a36663643, FEDORA-2016-f405b25923, openSUSE-SU-2016:2268-1, RHSA-2016:2591-02, VIGILANCE-VUL-20194.

Description of the vulnerability

The MIT krb5 product can be configured so that anonymous client principals are restricted to obtaining TGTs only.

However, in this case, a client can stop the KDC.

An attacker can therefore send a malicious query to MIT krb5, in order to trigger a KDC denial of service.

computer vulnerability alert CVE-2016-3119

MIT krb5: NULL pointer dereference via LDAP process_db_args

Synthesis of the vulnerability

An attacker, with permission to modify a principal entry, can force a NULL pointer to be dereferenced in the LDAP KDB module of MIT krb5, in order to trigger a denial of service.
Impacted products: Debian, Fedora, MIT krb5, openSUSE, openSUSE Leap, RHEL.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: privileged account.
Creation date: 23/03/2016.
Identifiers: CVE-2016-3119, DLA-1265-1, FEDORA-2016-56840babc3, FEDORA-2016-ed99cb602e, openSUSE-SU-2016:0947-1, openSUSE-SU-2016:1072-1, RHSA-2016:2591-02, VIGILANCE-VUL-19206.

Description of the vulnerability

The MIT krb5 product can use an LDAP KDB module.

However, if an argument is empty, the process_db_args() function of the src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c file does not check whether a pointer is NULL before using it.

An attacker, with permission to modify a principal entry, can therefore force a NULL pointer to be dereferenced in the LDAP KDB module of MIT krb5, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-8629 CVE-2015-8630 CVE-2015-8631

MIT krb5: three vulnerabilities of kadmin

Synthesis of the vulnerability

An attacker can use several vulnerabilities of kadmin of MIT krb5.
Impacted products: Debian, Fedora, MIT krb5, openSUSE, openSUSE Leap, RHEL.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 01/02/2016.
Identifiers: 1302617, 1302632, 1302642, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631, DSA-3466-1, FEDORA-2016-35492207cb, FEDORA-2016-d9d394d999, openSUSE-SU-2016:0406-1, openSUSE-SU-2016:0501-1, RHSA-2016:0493-01, RHSA-2016:0532-01, VIGILANCE-VUL-18853.

Description of the vulnerability

Several vulnerabilities were announced in MIT krb5.

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; 1302617, CVE-2015-8629]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; 1302632, CVE-2015-8630]

An attacker can create a memory leak in kadmind, in order to trigger a denial of service. [severity:2/4; 1302642, CVE-2015-8631]

vulnerability alert CVE-2015-2698

MIT krb5: memory corruption via IAKERB

Synthesis of the vulnerability

An attacker can generate a memory corruption in IAKERB of MIT krb5, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, MIT krb5, openSUSE, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 09/11/2015.
Identifiers: CVE-2015-2698, FEDORA-2015-1b9c33d713, FEDORA-2015-200d2dfd9f, FEDORA-2015-58ae075703, openSUSE-SU-2015:2055-1, openSUSE-SU-2015:2376-1, USN-2810-1, VIGILANCE-VUL-18261.

Description of the vulnerability

The MIT krb5 product implements IAKERB (Initial and Pass Through Authentication Using Kerberos V5 and the GSS-API).

However, the patch for CVE-2015-2696 (VIGILANCE-VUL-18241) introduced a memory corruption in the iakerb_gss_export_sec_context() function.

An attacker can therefore generate a memory corruption in IAKERB of MIT krb5, in order to trigger a denial of service, and possibly to run code.