The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of MIT krb5

computer vulnerability announce 20637

MIT krb5: security improvement via DES disabling

Synthesis of the vulnerability

The security of MIT krb5 was improved by disabling by default the DES encryption algorithm, which is now to be considered weak.
Impacted products: MIT krb5.
Severity: 1/4.
Consequences: no consequence.
Provenance: internet client.
Creation date: 19/09/2016.
Identifiers: VIGILANCE-VUL-20637.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of MIT krb5 was therefore improved by disabling by default the DES encryption algorithm, which is now to be considered weak.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 19992

MIT krb5: buffer overflow via libkrad

Synthesis of the vulnerability

An attacker can generate a buffer overflow via libkrad of MIT krb5, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, MIT krb5.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: document.
Creation date: 28/06/2016.
Revision date: 26/07/2016.
Identifiers: FEDORA-2016-0b966047e1, FEDORA-2016-335ed87353, FEDORA-2016-d18f993ab6, VIGILANCE-VUL-19992.

Description of the vulnerability

The MIT krb5 product uses libkrad to interact with RADIUS.

However, if the size of the received data is greater than the size of the storage array, an overflow occurs in the on_io_read() function of the src/lib/krad/remote.c file.

An attacker can therefore generate a buffer overflow via libkrad of MIT krb5, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2016-3120

MIT krb5: denial of service via KDC TGT Only

Synthesis of the vulnerability

An attacker can send a malicious query to MIT krb5, in order to trigger a KDC denial of service.
Impacted products: Debian, Fedora, MIT krb5, openSUSE Leap, Solaris, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 22/07/2016.
Identifiers: bulletinapr2017, CVE-2016-3120, DLA-1265-1, FEDORA-2016-0674a3c372, FEDORA-2016-4a36663643, FEDORA-2016-f405b25923, openSUSE-SU-2016:2268-1, RHSA-2016:2591-02, VIGILANCE-VUL-20194.

Description of the vulnerability

The MIT krb5 product can be configured so that anonymous client principals are restricted to obtaining a TGT only.

However, in this configuration, a client can cause the KDC to stop.

An attacker can therefore send a malicious query to MIT krb5, in order to trigger a KDC denial of service.

computer vulnerability alert CVE-2016-3119

MIT krb5: NULL pointer dereference via LDAP process_db_args

Synthesis of the vulnerability

An attacker, with permission to modify a principal entry, can force a NULL pointer to be dereferenced in the LDAP KDB module of MIT krb5, in order to trigger a denial of service.
Impacted products: Debian, Fedora, MIT krb5, openSUSE, openSUSE Leap, RHEL.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: privileged account.
Creation date: 23/03/2016.
Identifiers: CVE-2016-3119, DLA-1265-1, FEDORA-2016-56840babc3, FEDORA-2016-ed99cb602e, openSUSE-SU-2016:0947-1, openSUSE-SU-2016:1072-1, RHSA-2016:2591-02, VIGILANCE-VUL-19206.

Description of the vulnerability

The MIT krb5 product can use an LDAP KDB module.

However, if an argument is empty, the process_db_args() function of the src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c file does not check whether a pointer is NULL before using it.

An attacker, with permission to modify a principal entry, can therefore force a NULL pointer to be dereferenced in the LDAP KDB module of MIT krb5, in order to trigger a denial of service.

vulnerability bulletin CVE-2015-8629 CVE-2015-8630 CVE-2015-8631

MIT krb5: three vulnerabilities of kadmin

Synthesis of the vulnerability

An attacker can use several vulnerabilities of kadmin of MIT krb5.
Impacted products: Debian, Fedora, MIT krb5, openSUSE, openSUSE Leap, RHEL.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 01/02/2016.
Identifiers: 1302617, 1302632, 1302642, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631, DSA-3466-1, FEDORA-2016-35492207cb, FEDORA-2016-d9d394d999, openSUSE-SU-2016:0406-1, openSUSE-SU-2016:0501-1, RHSA-2016:0493-01, RHSA-2016:0532-01, VIGILANCE-VUL-18853.

Description of the vulnerability

Several vulnerabilities were announced in MIT krb5.

An attacker can read a memory fragment, in order to obtain sensitive information. [severity:1/4; 1302617, CVE-2015-8629]

An attacker can force a NULL pointer to be dereferenced, in order to trigger a denial of service. [severity:2/4; 1302632, CVE-2015-8630]

An attacker can create a memory leak in kadmind, in order to trigger a denial of service. [severity:2/4; 1302642, CVE-2015-8631]

vulnerability alert CVE-2015-2698

MIT krb5: memory corruption via IAKERB

Synthesis of the vulnerability

An attacker can generate a memory corruption in IAKERB of MIT krb5, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, MIT krb5, openSUSE, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 09/11/2015.
Identifiers: CVE-2015-2698, FEDORA-2015-1b9c33d713, FEDORA-2015-200d2dfd9f, FEDORA-2015-58ae075703, openSUSE-SU-2015:2055-1, openSUSE-SU-2015:2376-1, USN-2810-1, VIGILANCE-VUL-18261.

Description of the vulnerability

The MIT krb5 product implements IAKERB (Initial and Pass Through Authentication Using Kerberos V5 and the GSS-API).

However, the patch for CVE-2015-2696 (VIGILANCE-VUL-18241) introduced a memory corruption in the iakerb_gss_export_sec_context() function.

An attacker can therefore generate a memory corruption in IAKERB of MIT krb5, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2015-2695 CVE-2015-2696 CVE-2015-2697

MIT krb5: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of MIT krb5.
Impacted products: Debian, Fedora, MIT krb5, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 04/11/2015.
Identifiers: CVE-2015-2695, CVE-2015-2696, CVE-2015-2697, DSA-3395-1, DSA-3395-2, FEDORA-2015-1b9c33d713, FEDORA-2015-200d2dfd9f, openSUSE-SU-2015:1928-1, openSUSE-SU-2015:1997-1, SUSE-SU-2015:1897-1, SUSE-SU-2015:1898-1, SUSE-SU-2015:1898-2, USN-2810-1, VIGILANCE-VUL-18241.

Description of the vulnerability

Several vulnerabilities were announced in MIT krb5.

An attacker can force a read at an invalid address in SPNEGO gss_inquire_context(), in order to trigger a denial of service. [severity:2/4; CVE-2015-2695]

An attacker can force a read at an invalid address in IAKERB gss_inquire_context(), in order to trigger a denial of service. [severity:2/4; CVE-2015-2696]

An attacker can force a read at an invalid address in build_principal_va(), in order to trigger a denial of service. [severity:2/4; CVE-2015-2697]

vulnerability announce CVE-2015-2694

MIT krb5: bypassing of requires_preauth

Synthesis of the vulnerability

An attacker can use a brute force on MIT krb5, in order to guess the user's password.
Impacted products: Fedora, MIT krb5, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: intranet client.
Creation date: 12/05/2015.
Identifiers: 783557, CVE-2015-2694, FEDORA-2015-7878, RHSA-2015:2154-07, USN-2810-1, VIGILANCE-VUL-16872.

Description of the vulnerability

The MIT krb5 product uses the requires_preauth option to require pre-authentication before a ticket can be obtained with kinit.

Two kdcpreauth modules can be enabled: OTP and PKINIT.

However, the OTP module sets the TKT_FLG_PRE_AUTH bit too early, and the PKINIT module answers OK when its inputs are empty (or when the realm is not configured). The KDC then treats the request as pre-authenticated, which bypasses the requires_preauth option. The attacker can thus obtain a ciphertext encrypted with the principal's key.

An attacker can therefore use a brute force on MIT krb5, in order to guess the user's password.

computer vulnerability announce CVE-2014-5355

MIT krb5: two vulnerabilities via krb5_read_message

Synthesis of the vulnerability

An attacker can force two errors due to the krb5_read_message() function of MIT krb5, in order to trigger a denial of service.
Impacted products: Debian, AIX, MIT krb5, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/02/2015.
Identifiers: bulletinjan2015, CVE-2014-5355, DLA-1265-1, MDVSA-2015:069, openSUSE-SU-2015:0542-1, RHSA-2015:0794-01, RHSA-2015:2154-07, USN-2810-1, VIGILANCE-VUL-16247.

Description of the vulnerability

The krb5_read_message() function reads network messages and stores them in a string.

The krb5_read_message() function does not guarantee that the string containing the version is terminated with a '\0'. The recvauth_common() function then tries to read a memory area that is not accessible, which triggers a fatal error. [severity:2/4]

An attacker can send a version string of zero length, to force a NULL pointer to be dereferenced in recvauth_common(), in order to trigger a denial of service. [severity:2/4]

An attacker can therefore force two errors due to the krb5_read_message() function of MIT krb5, in order to trigger a denial of service.

vulnerability note CVE-2014-5352 CVE-2014-9421 CVE-2014-9422

MIT krb5: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of MIT krb5.
Impacted products: Debian, Fedora, AIX, MIT krb5, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user account.
Number of vulnerabilities in this bulletin: 4.
Creation date: 04/02/2015.
Identifiers: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423, DSA-3153-1, FEDORA-2015-2347, FEDORA-2015-2382, MDVSA-2015:069, MITKRB5-SA-2015-001, openSUSE-SU-2015:0255-1, RHSA-2015:0439-01, RHSA-2015:0794-01, SUSE-SU-2015:0257-1, SUSE-SU-2015:0290-1, SUSE-SU-2015:0290-2, USN-2498-1, VIGILANCE-VUL-16104, VU#540092.

Description of the vulnerability

Several vulnerabilities were announced in MIT krb5.

An authenticated attacker can force the usage of a freed memory area in gss_process_context_token(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-5352]

An authenticated attacker can force the usage of a freed memory area during the deserialization, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-9421]

An attacker who has the key of a principal such as "kad/root" (whose name starts with a substring of "kadmin") can impersonate any user to kadmind. [severity:2/4; CVE-2014-9422]

An attacker can read a memory fragment of libgssrpc, in order to obtain sensitive information. [severity:1/4; CVE-2014-9423]