The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of MIT krb5: use after free via SPNEGO init_ctx_reselect

Synthesis of the vulnerability 

An attacker can use a freed memory area in SPNEGO init_ctx_reselect() of MIT krb5, in order to trigger a denial of service, and possibly to execute code.
Vulnerable software: BIG-IP Hardware, TMOS, Fedora, AIX, MIT krb5, openSUSE, RHEL, Ubuntu.
Severity of this announcement: 2/4.
Creation date: 28/08/2014.
References of this computer vulnerability: CVE-2014-4343, FEDORA-2014-8176, FEDORA-2014-8189, openSUSE-SU-2014:0977-1, RHSA-2014:1389-02, RHSA-2015:0439-01, SOL15553, USN-2310-1, VIGILANCE-VUL-15241.

Description of the vulnerability 

During a Kerberos authentication, in the protocol step named SPNEGO, the client sends a packet with its identity, typically a username.

However, a man-in-the-middle attacker can trigger a double free of memory in the init_ctx_reselect() function of the lib/gssapi/spnego/spnego_mech.c file.

An attacker can therefore use a freed memory area in SPNEGO init_ctx_reselect() of MIT krb5, in order to trigger a denial of service, and possibly to execute code.

This vulnerability note impacts software or systems such as BIG-IP Hardware, TMOS, Fedora, AIX, MIT krb5, openSUSE, RHEL, Ubuntu.

Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is medium.

The trust level is of type confirmed by the editor, with an origin of intranet client.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

MIT krb5: version 1.12.2.
The version 1.12.2 is fixed:
  http://web.mit.edu/kerberos/

MIT krb5: version 1.11.6.
The version 1.11.6 is fixed:
  http://web.mit.edu/kerberos/

AIX: patch for NAS.
A patch is available:
  ftp://aix.software.ibm.com/aix/efixes/security/nas1_fix.tar

F5 BIG-IP: fixed versions for MIT Kerberos 5 CVE-2014-4343.
Fixed versions are indicated in information sources.

Fedora: new krb5 packages.
New packages are available:
  Fedora 20: krb5 1.11.5-10.fc20
  Fedora 19: krb5 1.11.3-24.fc19

openSUSE: new krb5 packages.
New packages are available:
  openSUSE 13.1: krb5 1.11.3-3.8.1
  openSUSE 12.3: krb5 1.10.2-10.26.1

RHEL 6: new krb5 packages.
New packages are available:
  RHEL 6: krb5 1.10.3-33.el6

RHEL 7: new krb5 packages.
New packages are available:
  RHEL 7: krb5 1.12.2-14.el7

Ubuntu: new krb5 packages.
New packages are available, as indicated in information sources.
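
To check a host against the fixed versions listed above, the following added example (not part of the original bulletin) compares an installed krb5 version string with the fixed one for its platform. The platform keys (rhel6, fedora20, mit-1.12, ...) and function names are assumptions made for this example, and GNU `sort -V` only approximates RPM ordering (no epochs).

```shell
#!/bin/sh
# Fixed krb5 versions for CVE-2014-4343, copied from the solutions list above.
# The platform keys are labels chosen for this example, not vendor identifiers.
fixed_version() {
    case "$1" in
        mit-1.12)     echo "1.12.2" ;;
        mit-1.11)     echo "1.11.6" ;;
        fedora20)     echo "1.11.5-10.fc20" ;;
        fedora19)     echo "1.11.3-24.fc19" ;;
        opensuse13.1) echo "1.11.3-3.8.1" ;;
        opensuse12.3) echo "1.10.2-10.26.1" ;;
        rhel6)        echo "1.10.3-33.el6" ;;
        rhel7)        echo "1.12.2-14.el7" ;;
        *)            return 1 ;;   # platform not covered by the list above
    esac
}

# version_ge A B: succeeds when A >= B under GNU `sort -V` ordering.
# A plain string comparison would wrongly rank release 9 above release 10.
version_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | tail -n 1)" = "$1" ]
}

# krb5_status PLATFORM INSTALLED_VERSION
# Prints PATCHED, NEEDS_UPDATE or UNKNOWN; exit status is 0, 1 or 2.
krb5_status() {
    if ! _fixed=$(fixed_version "$1"); then
        echo "UNKNOWN"
        return 2
    fi
    if version_ge "$2" "$_fixed"; then
        echo "PATCHED"
        return 0
    fi
    echo "NEEDS_UPDATE"
    return 1
}

# Example on an RPM-based host (the package name krb5-libs is an assumption):
#   krb5_status rhel6 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' krb5-libs)"
```

A result of NEEDS_UPDATE means only that the installed string sorts below the fixed version from this bulletin; vendor advisories remain the authority for backported builds.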
